Vulnerability-Lookup

CVE-2023-26081 (GCVE-0-2023-26081)

Vulnerability from cvelistv5 – Published: 2023-02-20 00:00 – Updated: 2025-03-18 15:00

Summary

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

Assigner

mitre

References

URL

FKIE_CVE-2023-26081

Vulnerability from fkie_nvd - Published: 2023-02-20 03:15 - Updated: 2025-03-18 15:15

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

References

URL	Tags
cve@mitre.org	https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x	Exploit, Third Party Advisory
cve@mitre.org	https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275	Patch, Vendor Advisory
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/
af854a3a-2127-422b-91ae-364da2661108	https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/

Impacted products

	Vendor	Product	Version
	gnome	epiphany	*
	fedoraproject	fedora	37

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "415F3443-BB2C-4889-A91B-03AC1BF393E8",
              "versionEndExcluding": "43.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts."
    }
  ],
  "id": "CVE-2023-26081",
  "lastModified": "2025-03-18T15:15:45.960",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2023-02-20T03:15:10.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-CW64-PQ7M-342R

Vulnerability from github – Published: 2023-02-20 03:30 – Updated: 2025-03-18 15:30

Details

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-26081"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-668"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-20T03:15:00Z",
    "severity": "HIGH"
  },
  "details": "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.",
  "id": "GHSA-cw64-pq7m-342r",
  "modified": "2025-03-18T15:30:35Z",
  "published": "2023-02-20T03:30:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26081"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-26081

Vulnerability from fstec - Published: 19.02.2023

Title

Уязвимость веб-браузера Epiphany, связанная с недостатками контроля доступа, позволяющая нарушителю раскрыть защищаемую информацию

Description

Уязвимость веб-браузера Epiphany связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Fedora Project, The GNOME Project, АО «НТЦ ИТ РОСА»

Software Name

Fedora, Epiphany, РОСА ХРОМ (запись в едином реестре российских программ №1607)

Software Version

36 (Fedora), 37 (Fedora), до 43.1 (Epiphany), 12.4 (РОСА ХРОМ)

Possible Mitigations

Для веб-браузера Epiphany: Обновление до версии 43.1 или выше Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/ Для операционной системы РОСА ХРОМ:https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2330

Reference

https://habr.com/ru/company/tomhunter/blog/721008/ https://nvd.nist.gov/vuln/detail/CVE-2023-26081 https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275 Patch Vendor Advisory https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/ https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2330

CWE

CWE-284, CWE-668

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Fedora Project, The GNOME Project, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "36 (Fedora), 37 (Fedora), \u0434\u043e 43.1 (Epiphany), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Epiphany:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 43.1 \u0438\u043b\u0438 \u0432\u044b\u0448\u0435\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c:https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2330",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "19.02.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.04.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.03.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01753",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-26081",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Fedora, Epiphany, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Fedora Project Fedora 36 , Fedora Project Fedora 37 , \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Epiphany, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284), \u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0434\u043b\u044f \u043e\u0448\u0438\u0431\u043e\u0447\u043d\u043e\u0439 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 (CWE-668)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0431\u0440\u0430\u0443\u0437\u0435\u0440\u0430 Epiphany \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://habr.com/ru/company/tomhunter/blog/721008/\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-26081\nhttps://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x\nhttps://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275 Patch  Vendor Advisory \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2024-2330",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284, CWE-668",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTFR-2024-AVI-0119

Vulnerability from certfr_avis - Published: 2024-02-13 - Updated: 2024-02-13

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une élévation de privilèges et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.4
Siemens	N/A	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à V2.4
Siemens	N/A	Simcenter Femap versions antérieures à V2401.0000
Siemens	N/A	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à V2.4
Siemens	N/A	Parasolid V36.0 versions antérieures à V36.0.198
Siemens	N/A	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à V2.4
Siemens	N/A	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions antérieures à V4.3
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP2 Update 15
Siemens	N/A	SINEC NMS versions antérieures à V2.0 SP1
Siemens	N/A	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à V2.4
Siemens	N/A	SIMATIC WinCC V8.0 versions antérieures à V8.0 SP4
Siemens	N/A	SIDIS Prime versions antérieures à V4.0.400
Siemens	N/A	SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à V2.4
Siemens	N/A	Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à V2.4
Siemens	N/A	Parasolid V35.1 versions antérieures à V35.1.252
Siemens	N/A	Tecnomatix Plant Simulation V2201 versions antérieures à V2201.0012
Siemens	N/A	RUGGEDCOM APE1808 avec Nozomi Guardian / CMC antérieures à 23.3.0
Siemens	N/A	Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions antérieures à V4.3
Siemens	N/A	Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à V2.4
Siemens	N/A	SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions antérieures à V4.3
Siemens	N/A	Tecnomatix Plant Simulation V2302 versions antérieures à V2302.0006
Siemens	N/A	Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions antérieures à V4.3
Siemens	N/A	SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions antérieures à V3.1
Siemens	N/A	Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions antérieures à V4.3
Siemens	N/A	Parasolid V35.0 versions antérieures à V35.0.263

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-000072 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-602936 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-647068 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-943925 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-753746 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-806742 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-580228 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-716164 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-797296 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-108696 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-871717 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-516818 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-017796 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-543502 du 13 février 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-665034 du 13 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2401.0000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V36.0 versions ant\u00e9rieures \u00e0 V36.0.198",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Small (9DE5110-8CA11-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V2.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 SP4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIDIS Prime versions ant\u00e9rieures \u00e0 V4.0.400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2201 versions ant\u00e9rieures \u00e0 V2201.0012",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE1808 avec Nozomi Guardian / CMC ant\u00e9rieures \u00e0 23.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Large (9DE5110-8CA13-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 V2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC626-2C (6GK5626-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation V2302 versions ant\u00e9rieures \u00e0 V2302.0006",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) versions ant\u00e9rieures \u00e0 V4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.263",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-49691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49691"
    },
    {
      "name": "CVE-2022-46393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46393"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2022-41556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41556"
    },
    {
      "name": "CVE-2023-3316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3316"
    },
    {
      "name": "CVE-2023-3006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3006"
    },
    {
      "name": "CVE-2023-51440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51440"
    },
    {
      "name": "CVE-2023-23946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23946"
    },
    {
      "name": "CVE-2023-28466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
    },
    {
      "name": "CVE-2023-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1838"
    },
    {
      "name": "CVE-2023-30772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30772"
    },
    {
      "name": "CVE-2023-45622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45622"
    },
    {
      "name": "CVE-2023-44321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44321"
    },
    {
      "name": "CVE-2022-29162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29162"
    },
    {
      "name": "CVE-2023-30585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30585"
    },
    {
      "name": "CVE-2024-23803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23803"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2023-44317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44317"
    },
    {
      "name": "CVE-2023-38199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38199"
    },
    {
      "name": "CVE-2022-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
    },
    {
      "name": "CVE-2022-47629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47629"
    },
    {
      "name": "CVE-2023-29404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2021-45451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45451"
    },
    {
      "name": "CVE-2022-26691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26691"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2023-30583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30583"
    },
    {
      "name": "CVE-2021-36369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36369"
    },
    {
      "name": "CVE-2023-25727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25727"
    },
    {
      "name": "CVE-2023-30086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30086"
    },
    {
      "name": "CVE-2022-41409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41409"
    },
    {
      "name": "CVE-2023-3390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
    },
    {
      "name": "CVE-2023-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0330"
    },
    {
      "name": "CVE-2023-2002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
    },
    {
      "name": "CVE-2024-23812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23812"
    },
    {
      "name": "CVE-2023-26965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26965"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-45617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45617"
    },
    {
      "name": "CVE-2023-31124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
    },
    {
      "name": "CVE-2024-24925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24925"
    },
    {
      "name": "CVE-2022-45061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
    },
    {
      "name": "CVE-2024-22042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22042"
    },
    {
      "name": "CVE-2023-50236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50236"
    },
    {
      "name": "CVE-2022-23521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23521"
    },
    {
      "name": "CVE-2023-40283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40283"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2022-28739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739"
    },
    {
      "name": "CVE-2022-41903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41903"
    },
    {
      "name": "CVE-2023-23934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
    },
    {
      "name": "CVE-2022-4904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-35788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-32067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
    },
    {
      "name": "CVE-2024-23816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23816"
    },
    {
      "name": "CVE-2022-3515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3515"
    },
    {
      "name": "CVE-2023-1393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1393"
    },
    {
      "name": "CVE-2006-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
    },
    {
      "name": "CVE-2022-36021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36021"
    },
    {
      "name": "CVE-2022-39189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
    },
    {
      "name": "CVE-2024-24922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24922"
    },
    {
      "name": "CVE-2022-38725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38725"
    },
    {
      "name": "CVE-2024-24923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24923"
    },
    {
      "name": "CVE-2022-39260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39260"
    },
    {
      "name": "CVE-2022-29862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29862"
    },
    {
      "name": "CVE-2024-23800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23800"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-28322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28322"
    },
    {
      "name": "CVE-2023-29405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
    },
    {
      "name": "CVE-2022-3437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3437"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2022-4743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4743"
    },
    {
      "name": "CVE-2023-1989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1989"
    },
    {
      "name": "CVE-2022-28738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28738"
    },
    {
      "name": "CVE-2023-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1855"
    },
    {
      "name": "CVE-2023-3247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3247"
    },
    {
      "name": "CVE-2023-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
    },
    {
      "name": "CVE-2023-32559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32559"
    },
    {
      "name": "CVE-2023-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0494"
    },
    {
      "name": "CVE-2023-35828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35828"
    },
    {
      "name": "CVE-2022-37797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37797"
    },
    {
      "name": "CVE-2022-32148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2023-31084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31084"
    },
    {
      "name": "CVE-2023-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
    },
    {
      "name": "CVE-2022-45919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45919"
    },
    {
      "name": "CVE-2024-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24921"
    },
    {
      "name": "CVE-2023-28320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28320"
    },
    {
      "name": "CVE-2023-45625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45625"
    },
    {
      "name": "CVE-2023-3611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
    },
    {
      "name": "CVE-2023-4128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4128"
    },
    {
      "name": "CVE-2023-31436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31436"
    },
    {
      "name": "CVE-2023-32558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32558"
    },
    {
      "name": "CVE-2023-2194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
    },
    {
      "name": "CVE-2023-33203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33203"
    },
    {
      "name": "CVE-2022-41861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41861"
    },
    {
      "name": "CVE-2024-23813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23813"
    },
    {
      "name": "CVE-2022-34918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2024-23802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23802"
    },
    {
      "name": "CVE-2021-43666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43666"
    },
    {
      "name": "CVE-2023-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22490"
    },
    {
      "name": "CVE-2023-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
    },
    {
      "name": "CVE-2024-23798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23798"
    },
    {
      "name": "CVE-2023-28319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28319"
    },
    {
      "name": "CVE-2023-32003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32003"
    },
    {
      "name": "CVE-2023-1859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1859"
    },
    {
      "name": "CVE-2023-48363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48363"
    },
    {
      "name": "CVE-2022-1015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1015"
    },
    {
      "name": "CVE-2023-32004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32004"
    },
    {
      "name": "CVE-2023-44320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44320"
    },
    {
      "name": "CVE-2022-29187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29187"
    },
    {
      "name": "CVE-2023-3111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3111"
    },
    {
      "name": "CVE-2023-28709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28709"
    },
    {
      "name": "CVE-2023-30587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30587"
    },
    {
      "name": "CVE-2023-30589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
    },
    {
      "name": "CVE-2022-46392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46392"
    },
    {
      "name": "CVE-2023-28487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28487"
    },
    {
      "name": "CVE-2023-1670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1670"
    },
    {
      "name": "CVE-2023-31489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31489"
    },
    {
      "name": "CVE-2023-32005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32005"
    },
    {
      "name": "CVE-2023-45618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45618"
    },
    {
      "name": "CVE-2023-20593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
    },
    {
      "name": "CVE-2024-23810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23810"
    },
    {
      "name": "CVE-2023-30582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30582"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2019-19135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19135"
    },
    {
      "name": "CVE-2022-28737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28737"
    },
    {
      "name": "CVE-2023-31147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
    },
    {
      "name": "CVE-2022-45142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45142"
    },
    {
      "name": "CVE-2023-22742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22742"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36227"
    },
    {
      "name": "CVE-2023-27522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
    },
    {
      "name": "CVE-2022-37454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37454"
    },
    {
      "name": "CVE-2022-48434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48434"
    },
    {
      "name": "CVE-2023-25155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25155"
    },
    {
      "name": "CVE-2023-0160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0160"
    },
    {
      "name": "CVE-2023-5253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5253"
    },
    {
      "name": "CVE-2023-27535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27535"
    },
    {
      "name": "CVE-2022-42919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42919"
    },
    {
      "name": "CVE-2023-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
    },
    {
      "name": "CVE-2021-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3445"
    },
    {
      "name": "CVE-2023-30581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30581"
    },
    {
      "name": "CVE-2023-45627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45627"
    },
    {
      "name": "CVE-2023-29406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
    },
    {
      "name": "CVE-2023-30584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30584"
    },
    {
      "name": "CVE-2024-23801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23801"
    },
    {
      "name": "CVE-2024-24924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24924"
    },
    {
      "name": "CVE-2022-4744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4744"
    },
    {
      "name": "CVE-2023-35945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35945"
    },
    {
      "name": "CVE-2023-36664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36664"
    },
    {
      "name": "CVE-2023-21255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21255"
    },
    {
      "name": "CVE-2023-1990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1990"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2021-4037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
    },
    {
      "name": "CVE-2023-28321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28321"
    },
    {
      "name": "CVE-2023-36617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36617"
    },
    {
      "name": "CVE-2023-38559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38559"
    },
    {
      "name": "CVE-2023-35824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35824"
    },
    {
      "name": "CVE-2023-45616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45616"
    },
    {
      "name": "CVE-2023-45624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45624"
    },
    {
      "name": "CVE-2023-45614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45614"
    },
    {
      "name": "CVE-2023-35823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35823"
    },
    {
      "name": "CVE-2023-46120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46120"
    },
    {
      "name": "CVE-2023-30586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30586"
    },
    {
      "name": "CVE-2023-30588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
    },
    {
      "name": "CVE-2023-1380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1380"
    },
    {
      "name": "CVE-2023-3776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
    },
    {
      "name": "CVE-2023-44319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44319"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2024-23811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23811"
    },
    {
      "name": "CVE-2023-35789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35789"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2024-22043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22043"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2023-4194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4194"
    },
    {
      "name": "CVE-2023-39418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39418"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2023-27534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534"
    },
    {
      "name": "CVE-2023-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27536"
    },
    {
      "name": "CVE-2023-2269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2269"
    },
    {
      "name": "CVE-2022-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
    },
    {
      "name": "CVE-2023-27533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533"
    },
    {
      "name": "CVE-2023-26081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26081"
    },
    {
      "name": "CVE-2022-34903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34903"
    },
    {
      "name": "CVE-2023-44322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44322"
    },
    {
      "name": "CVE-2023-32573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573"
    },
    {
      "name": "CVE-2023-34969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
    },
    {
      "name": "CVE-2023-45619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45619"
    },
    {
      "name": "CVE-2023-48364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48364"
    },
    {
      "name": "CVE-2023-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3863"
    },
    {
      "name": "CVE-2022-24834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
    },
    {
      "name": "CVE-2023-30590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30590"
    },
    {
      "name": "CVE-2023-27538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27538"
    },
    {
      "name": "CVE-2023-36054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36054"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2023-25690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
    },
    {
      "name": "CVE-2022-1348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1348"
    },
    {
      "name": "CVE-2023-2861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2861"
    },
    {
      "name": "CVE-2023-25588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25588"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2023-3141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3141"
    },
    {
      "name": "CVE-2023-34872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34872"
    },
    {
      "name": "CVE-2023-30456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30456"
    },
    {
      "name": "CVE-2023-0567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
    },
    {
      "name": "CVE-2024-23799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23799"
    },
    {
      "name": "CVE-2021-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3638"
    },
    {
      "name": "CVE-2023-34256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34256"
    },
    {
      "name": "CVE-2024-23796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23796"
    },
    {
      "name": "CVE-2022-4415",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4415"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2023-3301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3301"
    },
    {
      "name": "CVE-2023-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
    },
    {
      "name": "CVE-2023-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3212"
    },
    {
      "name": "CVE-2023-35001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
    },
    {
      "name": "CVE-2022-44370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44370"
    },
    {
      "name": "CVE-2023-45620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45620"
    },
    {
      "name": "CVE-2023-34035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34035"
    },
    {
      "name": "CVE-2022-41860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41860"
    },
    {
      "name": "CVE-2024-23795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23795"
    },
    {
      "name": "CVE-2023-45615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45615"
    },
    {
      "name": "CVE-2022-29536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29536"
    },
    {
      "name": "CVE-2023-49692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49692"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2020-1967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
    },
    {
      "name": "CVE-2023-22745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22745"
    },
    {
      "name": "CVE-2022-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3294"
    },
    {
      "name": "CVE-2023-32006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32006"
    },
    {
      "name": "CVE-2023-24538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-45621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45621"
    },
    {
      "name": "CVE-2024-23804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23804"
    },
    {
      "name": "CVE-2022-41723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
    },
    {
      "name": "CVE-2020-11896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11896"
    },
    {
      "name": "CVE-2023-2953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2953"
    },
    {
      "name": "CVE-2023-44373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44373"
    },
    {
      "name": "CVE-2023-41080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41080"
    },
    {
      "name": "CVE-2023-45626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45626"
    },
    {
      "name": "CVE-2023-1206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1206"
    },
    {
      "name": "CVE-2022-37436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
    },
    {
      "name": "CVE-2024-23797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23797"
    },
    {
      "name": "CVE-2023-29402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
    },
    {
      "name": "CVE-2023-31130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
    },
    {
      "name": "CVE-2023-32233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
    },
    {
      "name": "CVE-2023-38039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38039"
    },
    {
      "name": "CVE-2023-29409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
    },
    {
      "name": "CVE-2023-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1611"
    },
    {
      "name": "CVE-2023-28486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28486"
    },
    {
      "name": "CVE-2024-24920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24920"
    },
    {
      "name": "CVE-2023-3268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3268"
    },
    {
      "name": "CVE-2023-0361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0361"
    },
    {
      "name": "CVE-2023-27537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27537"
    },
    {
      "name": "CVE-2023-45623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45623"
    },
    {
      "name": "CVE-2023-32002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32002"
    },
    {
      "name": "CVE-2022-4900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4900"
    },
    {
      "name": "CVE-2023-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
    },
    {
      "name": "CVE-2022-48303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48303"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2023-28450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
    }
  ],
  "initial_release_date": "2024-02-13T00:00:00",
  "last_revision_date": "2024-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0119",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune \u00e9l\u00e9vation de privil\u00e8ges et une ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-000072 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-000072.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-602936 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-602936.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-647068 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-647068.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-943925 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-753746 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-753746.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-806742 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-806742.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-580228 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-580228.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-716164 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-716164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-797296 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-797296.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-108696 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-108696.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-871717 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-871717.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-516818 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-516818.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-017796 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-543502 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-543502.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-665034 du 13 f\u00e9vrier 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-665034.html"
    }
  ]
}

GSD-2023-26081

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.

Aliases

CVE-2023-26081

Aliases

CVE-2023-26081

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-26081",
    "id": "GSD-2023-26081",
    "references": [
      "https://www.suse.com/security/cve/CVE-2023-26081.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-26081"
      ],
      "details": "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.",
      "id": "GSD-2023-26081",
      "modified": "2023-12-13T01:20:53.459445Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-26081",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275",
            "refsource": "MISC",
            "url": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"
          },
          {
            "name": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x",
            "refsource": "MISC",
            "url": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"
          },
          {
            "name": "FEDORA-2023-d8d2cd7c58",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/"
          },
          {
            "name": "FEDORA-2023-26b58f8098",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/"
          },
          {
            "name": "[debian-lts-announce] 20230515 [SECURITY] [DLA 3423-1] epiphany-browser security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"
          }
        ]
      },
      "source": {
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "43.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2023-26081"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-668"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"
            },
            {
              "name": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"
            },
            {
              "name": "FEDORA-2023-d8d2cd7c58",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/"
            },
            {
              "name": "FEDORA-2023-26b58f8098",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/"
            },
            {
              "name": "[debian-lts-announce] 20230515 [SECURITY] [DLA 3423-1] epiphany-browser security update",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-05-16T00:15Z",
      "publishedDate": "2023-02-20T03:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-26081 (GCVE-0-2023-26081)

FKIE_CVE-2023-26081

GHSA-CW64-PQ7M-342R

CVE-2023-26081

CERTFR-2024-AVI-0119

Solution

GSD-2023-26081

Tags

Sightings

Nomenclature