Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-24394 (GCVE-0-2020-24394)
Vulnerability from cvelistv5 – Published: 2020-08-19 00:00 – Updated: 2024-08-04 15:12
VLAI?
EPSS
Summary
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"name": "USN-4465-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-11T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"name": "USN-4465-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "openSUSE-SU-2020:1325",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "USN-4483-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24394",
"datePublished": "2020-08-19T00:00:00.000Z",
"dateReserved": "2020-08-19T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:12:08.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2020-24394
Vulnerability from fkie_nvd - Published: 2020-08-19 13:15 - Updated: 2024-11-21 05:14
Severity ?
Summary
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html | Third Party Advisory | |
| cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 | Release Notes, Vendor Advisory | |
| cve@mitre.org | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 | Patch, Vendor Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20200904-0003/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4465-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4483-1/ | Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/4485-1/ | Third Party Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| cve@mitre.org | https://www.starwindsoftware.com/security/sw-20210325-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200904-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4465-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4483-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/4485-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.starwindsoftware.com/security/sw-20210325-0004/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 20.04 | |
| opensuse | leap | 15.1 | |
| oracle | sd-wan_edge | 8.2 | |
| starwindsoftware | starwind_virtual_san | v8 | |
| starwindsoftware | starwind_virtual_san | v8 | |
| starwindsoftware | starwind_virtual_san | v8 | |
| starwindsoftware | starwind_virtual_san | v8 | |
| starwindsoftware | starwind_virtual_san | v8 | |
| starwindsoftware | starwind_virtual_san | v8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3BFBC8-205F-48DF-BB8C-D2C8DC5931FB",
"versionEndExcluding": "5.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*",
"matchCriteriaId": "0E5C2815-65C8-48D7-BF31-6104EDD0CBE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*",
"matchCriteriaId": "6FF4A265-AFFD-4853-B3CE-A55E950E8B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*",
"matchCriteriaId": "E6484296-5BA8-408A-A087-A0D86BA50703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*",
"matchCriteriaId": "5D31D4A3-7D1E-472F-9BB6-AF889DA7C763",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*",
"matchCriteriaId": "F67B6B43-FF39-4B05-8704-EDFCED4117E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*",
"matchCriteriaId": "C79FA879-7855-467B-A98D-7D914940F9D3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered."
},
{
"lang": "es",
"value": "En el kernel de Linux versiones anteriores a 5.7.8, el archivo fs/nfsd/vfs.c (en el servidor NFS), puede establecer permisos incorrectos en nuevos objetos de un sistema de archivos cuando el sistema de archivos carece de soporte de ACL, tambi\u00e9n se conoce como CID-22cf8419f131. Esto ocurre porque no es considerada la umask actual."
}
],
"id": "CVE-2020-24394",
"lastModified": "2024-11-21T05:14:44.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-19T13:15:10.177",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2020-AVI-715
Vulnerability from certfr_avis - Published: 2020-11-06 - Updated: 2020-11-06
De multiples vulnérabilités ont été découvertes dans le noyaux Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2020-11-06T00:00:00",
"last_revision_date": "2020-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-715",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyaux Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyaux linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203181-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203181-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203188-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203188-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203187-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203187-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203178-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203178-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203186-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203186-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203180-1 du 05 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203180-1/"
}
]
}
CERTFR-2021-AVI-122
Vulnerability from certfr_avis - Published: 2021-02-17 - Updated: 2021-02-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 8 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 8 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.7 x86_64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
}
],
"initial_release_date": "2021-02-17T00:00:00",
"last_revision_date": "2021-02-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-122",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0526 du 16 f\u00e9vrier 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0526"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0537 du 16 f\u00e9vrier 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0537"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0558 du 16 f\u00e9vrier 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0558"
}
]
}
CERTFR-2020-AVI-553
Vulnerability from certfr_avis - Published: 2020-09-09 - Updated: 2020-09-09
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-09T00:00:00",
"last_revision_date": "2020-09-09T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-553",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202576-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202576-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202574-1 du 08 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202574-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202575-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202575-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202579-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202579-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202577-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202577-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202580-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202578-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202578-1 du 09 septembre 2020",
"url": null
}
]
}
CERTFR-2020-AVI-574
Vulnerability from certfr_avis - Published: 2020-09-16 - Updated: 2020-09-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP4-LTSS | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 9 | ||
| SUSE | N/A | SUSE OpenStack Cloud 9 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 9",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP4",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-16T00:00:00",
"last_revision_date": "2020-09-16T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-574",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nd\u00e9ni de service, un contournement de la politique de s\u00e9curit\u00e9 et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:2623-1 du 14 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202623-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2020:2631-1 du 14 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202631-1/"
}
]
}
CERTFR-2021-AVI-201
Vulnerability from certfr_avis - Published: 2021-03-17 - Updated: 2021-03-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV 7 x86_64 | ||
| Red Hat | N/A | Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.3 x86_64 | ||
| Red Hat | N/A | Red Hat Virtualization Host 4 for RHEL 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Scientific Computing 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian 7 ppc64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.6 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host - Extended Update Support 4.2 for RHEL 7.6 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.3 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 for RHEL 7 x86_64",
"product": {
"name": "N/A",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Scientific Computing 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
}
],
"initial_release_date": "2021-03-17T00:00:00",
"last_revision_date": "2021-03-17T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-201",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:0856 du 16 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0856"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:0857 du 16 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0857"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:0878 du 16 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0878"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2021:0848 du 16 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0848"
}
]
}
CERTFR-2020-AVI-570
Vulnerability from certfr_avis - Published: 2020-09-14 - Updated: 2020-09-14
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-ESPOS | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-LTSS | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 15 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 15",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-14T00:00:00",
"last_revision_date": "2020-09-14T00:00:00",
"links": [
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"title": "R\u00e9f\u00e9rence CVE CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
}
],
"reference": "CERTFR-2020-AVI-570",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": []
}
CERTFR-2020-AVI-568
Vulnerability from certfr_avis - Published: 2020-09-11 - Updated: 2020-09-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-BCL | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Enterprise Storage 5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | HPE Helion Openstack 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud 8 | ||
| SUSE | N/A | SUSE OpenStack Cloud Crowbar 8 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Enterprise Storage 5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "HPE Helion Openstack 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2020-0305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0305"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
}
],
"initial_release_date": "2020-09-11T00:00:00",
"last_revision_date": "2020-09-11T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-568",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et\nun contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202582-1 du 09 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202582-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202605-1 du 11 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202605-1/"
}
]
}
CERTFR-2020-AVI-823
Vulnerability from certfr_avis - Published: 2020-12-16 - Updated: 2020-12-16
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support version 8.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Desktop version 7 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 version 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV version 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time version 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux Workstation version 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions version 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support version 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server version 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian version 7 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS version 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian version 8 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support version 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions version 7.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Scientific Computing version 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions version 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian version 8 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 version 8 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS version 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time version 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, big endian version 7 ppc64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 version 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV version 7 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems version 7 s390x | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 version 8 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems version 8 s390x | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support version 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support version 8.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions version 8.2 ppc64le | ||
| Oracle | Virtualization | Red Hat Virtualization Host 4 for RHEL version 7 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support version 8.2 aarch64 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support version 8.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Desktop version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 version 8 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV version 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time version 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Workstation version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions version 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support version 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian version 7 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS version 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian version 8 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support version 8.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions version 7.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Scientific Computing version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian version 8 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 version 8 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS version 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, big endian version 7 ppc64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 version 8 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV version 7 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems version 7 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 version 8 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service version 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems version 8 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support version 8.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support version 8.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions version 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Virtualization Host 4 for RHEL version 7 x86_64",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support version 8.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
}
],
"initial_release_date": "2020-12-16T00:00:00",
"last_revision_date": "2020-12-16T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-823",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-12-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de RedHat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5506 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5506"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5428 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5428"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5437 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5437"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5473 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5473"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5441 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5441"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5418 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5418"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2020:5430 du 15 d\u00e9cembre 2020",
"url": "https://access.redhat.com/errata/RHSA-2020:5430"
}
]
}
CERTFR-2020-AVI-548
Vulnerability from certfr_avis - Published: 2020-09-07 - Updated: 2020-09-07
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-18680",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18680"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-14814",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14814"
},
{
"name": "CVE-2019-14815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14815"
},
{
"name": "CVE-2020-14356",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14356"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2020-15780",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15780"
},
{
"name": "CVE-2020-16166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-16166"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2020-10135",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10135"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-15117",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15117"
}
],
"initial_release_date": "2020-09-07T00:00:00",
"last_revision_date": "2020-09-07T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-548",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-09-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202491-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202491-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202524-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202524-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202537-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202537-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202515-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202515-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202525-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202525-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202502-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202502-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202506-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202506-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202526-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202526-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202517-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202517-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202497-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202497-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202540-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202540-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202508-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202508-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202498-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202498-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202534-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202534-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202541-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202541-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202507-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202507-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202531-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202531-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202513-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202513-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202505-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202505-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202509-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202509-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202492-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202492-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20202499-1 du 04 septembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20202499-1/"
}
]
}
CERTFR-2020-AVI-719
Vulnerability from certfr_avis - Published: 2020-11-09 - Updated: 2020-11-10
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP2-LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP3-LTSS | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP 12-SP2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP4 |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise Server 12-SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP 12-SP2",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14386",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14386"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2020-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0429"
},
{
"name": "CVE-2020-25641",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25641"
},
{
"name": "CVE-2020-0431",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0431"
},
{
"name": "CVE-2020-14381",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
}
],
"initial_release_date": "2020-11-09T00:00:00",
"last_revision_date": "2020-11-10T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-719",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-09T00:00:00.000000"
},
{
"description": "correction typographique",
"revision_date": "2020-11-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203225-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203225-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203222-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203222-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203204-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203204-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203210-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203210-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203219-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203219-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20203230-1 du 06 novembre 2020",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203230-1/"
}
]
}
CERTFR-2021-AVI-184
Vulnerability from certfr_avis - Published: 2021-03-11 - Updated: 2021-03-11
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - TUS 7.4 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64 | ||
| Red Hat | Red Hat CodeReady Linux Builder | Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le | ||
| Red Hat | Red Hat Enterprise Linux Server | Red Hat Enterprise Linux Server - AUS 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64 | ||
| Red Hat | Red Hat Enterprise Linux | Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.2 x86_64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.2 aarch64",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - TUS 7.4 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.2 ppc64le",
"product": {
"name": "Red Hat CodeReady Linux Builder",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux Server - AUS 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux Server",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
},
{
"description": "Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64",
"product": {
"name": "Red Hat Enterprise Linux",
"vendor": {
"name": "Red Hat",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2020-0444",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0444"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
}
],
"initial_release_date": "2021-03-11T00:00:00",
"last_revision_date": "2021-03-11T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-184",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-03-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nRed Hat. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Red Hat",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0765 du 09 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0765"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0760 du 09 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0760"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 le noyau Linux de Red Hat RHSA-2021:0774 du 09 mars 2021",
"url": "https://access.redhat.com/errata/RHSA-2021:0774"
}
]
}
CERTFR-2022-AVI-267
Vulnerability from certfr_avis - Published: 2022-03-23 - Updated: 2022-03-23
De multiples vulnérabilités ont été découvertes dans Juniper Networks Junos Space. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space | Juniper Networks Junos Space versions antérieures à 21.1R1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Networks Junos Space versions ant\u00e9rieures \u00e0 21.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13078",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13078"
},
{
"name": "CVE-2017-13077",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13077"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
},
{
"name": "CVE-2017-13082",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13082"
},
{
"name": "CVE-2017-13088",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13088"
},
{
"name": "CVE-2017-13086",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13086"
},
{
"name": "CVE-2017-13087",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13087"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2007-1351",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1351"
},
{
"name": "CVE-2007-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-1352"
},
{
"name": "CVE-2007-6284",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6284"
},
{
"name": "CVE-2008-2935",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-2935"
},
{
"name": "CVE-2008-3281",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3281"
},
{
"name": "CVE-2008-3529",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3529"
},
{
"name": "CVE-2008-4226",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4226"
},
{
"name": "CVE-2008-4225",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-4225"
},
{
"name": "CVE-2009-2414",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2414"
},
{
"name": "CVE-2009-2416",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2416"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2010-4008",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
},
{
"name": "CVE-2011-0411",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0411"
},
{
"name": "CVE-2011-1720",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1720"
},
{
"name": "CVE-2011-0216",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0216"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-2895",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
},
{
"name": "CVE-2011-3905",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3905"
},
{
"name": "CVE-2011-3919",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2012-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2807"
},
{
"name": "CVE-2012-2870",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2870"
},
{
"name": "CVE-2012-5134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5134"
},
{
"name": "CVE-2011-3102",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3102"
},
{
"name": "CVE-2013-2877",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2877"
},
{
"name": "CVE-2013-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0338"
},
{
"name": "CVE-2012-6139",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
},
{
"name": "CVE-2013-2566",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2566"
},
{
"name": "CVE-2013-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6462"
},
{
"name": "CVE-2014-0211",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0211"
},
{
"name": "CVE-2014-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3660"
},
{
"name": "CVE-2015-1803",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1803"
},
{
"name": "CVE-2015-1804",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1804"
},
{
"name": "CVE-2015-1802",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1802"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-2808",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
},
{
"name": "CVE-2014-8991",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8991"
},
{
"name": "CVE-2014-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7185"
},
{
"name": "CVE-2014-9365",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9365"
},
{
"name": "CVE-2015-6838",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6838"
},
{
"name": "CVE-2015-6837",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6837"
},
{
"name": "CVE-2015-7995",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2015-7499",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7499"
},
{
"name": "CVE-2015-8242",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8242"
},
{
"name": "CVE-2015-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7500"
},
{
"name": "CVE-2016-1762",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
},
{
"name": "CVE-2015-5312",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5312"
},
{
"name": "CVE-2016-1839",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
},
{
"name": "CVE-2016-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
},
{
"name": "CVE-2016-1837",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
},
{
"name": "CVE-2016-1834",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
},
{
"name": "CVE-2016-1840",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
},
{
"name": "CVE-2016-1836",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
},
{
"name": "CVE-2016-1838",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
},
{
"name": "CVE-2016-1684",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
},
{
"name": "CVE-2016-1683",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
},
{
"name": "CVE-2016-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
},
{
"name": "CVE-2016-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
},
{
"name": "CVE-2016-4449",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2016-3627",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
},
{
"name": "CVE-2016-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3115"
},
{
"name": "CVE-2016-5636",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5636"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2017-7376",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7376"
},
{
"name": "CVE-2017-7773",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7773"
},
{
"name": "CVE-2017-7772",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7772"
},
{
"name": "CVE-2017-7778",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7778"
},
{
"name": "CVE-2017-7771",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7771"
},
{
"name": "CVE-2017-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7774"
},
{
"name": "CVE-2017-7776",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7776"
},
{
"name": "CVE-2017-7777",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7777"
},
{
"name": "CVE-2017-7775",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7775"
},
{
"name": "CVE-2017-6463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6463"
},
{
"name": "CVE-2017-6462",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6462"
},
{
"name": "CVE-2017-6464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6464"
},
{
"name": "CVE-2017-14492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14492"
},
{
"name": "CVE-2017-14496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14496"
},
{
"name": "CVE-2017-14491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
},
{
"name": "CVE-2017-14493",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14493"
},
{
"name": "CVE-2017-14494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14494"
},
{
"name": "CVE-2017-14495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14495"
},
{
"name": "CVE-2017-5130",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5130"
},
{
"name": "CVE-2017-3736",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2017-3738",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2017-17807",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17807"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2018-11214",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
},
{
"name": "CVE-2015-9019",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2017-16932",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
},
{
"name": "CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-6914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6914"
},
{
"name": "CVE-2017-0898",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0898"
},
{
"name": "CVE-2018-8778",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8778"
},
{
"name": "CVE-2017-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14033"
},
{
"name": "CVE-2018-8780",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8780"
},
{
"name": "CVE-2017-17742",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17742"
},
{
"name": "CVE-2017-10784",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10784"
},
{
"name": "CVE-2017-17405",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17405"
},
{
"name": "CVE-2018-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8779"
},
{
"name": "CVE-2017-14064",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14064"
},
{
"name": "CVE-2018-8777",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8777"
},
{
"name": "CVE-2018-16395",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
},
{
"name": "CVE-2018-0737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
},
{
"name": "CVE-2018-16396",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
},
{
"name": "CVE-2018-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-1126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1126"
},
{
"name": "CVE-2018-7858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7858"
},
{
"name": "CVE-2018-1124",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1124"
},
{
"name": "CVE-2018-10897",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10897"
},
{
"name": "CVE-2018-1064",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1064"
},
{
"name": "CVE-2018-5683",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5683"
},
{
"name": "CVE-2017-13672",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13672"
},
{
"name": "CVE-2018-11212",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11212"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2018-20169",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20169"
},
{
"name": "CVE-2018-19985",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19985"
},
{
"name": "CVE-2019-1559",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
},
{
"name": "CVE-2019-6133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
},
{
"name": "CVE-2018-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18311"
},
{
"name": "CVE-2018-12127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
},
{
"name": "CVE-2018-12130",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
},
{
"name": "CVE-2019-11091",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
},
{
"name": "CVE-2018-12126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
},
{
"name": "CVE-2019-9503",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9503"
},
{
"name": "CVE-2019-10132",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10132"
},
{
"name": "CVE-2019-11190",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11190"
},
{
"name": "CVE-2019-11884",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11884"
},
{
"name": "CVE-2019-11487",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11487"
},
{
"name": "CVE-2019-12382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12382"
},
{
"name": "CVE-2018-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7191"
},
{
"name": "CVE-2019-5953",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5953"
},
{
"name": "CVE-2019-12614",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12614"
},
{
"name": "CVE-2019-11729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11729"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2018-1060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
},
{
"name": "CVE-2018-12327",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
},
{
"name": "CVE-2018-1061",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
},
{
"name": "CVE-2019-10639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10639"
},
{
"name": "CVE-2019-10638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10638"
},
{
"name": "CVE-2018-20836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20836"
},
{
"name": "CVE-2019-13233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13233"
},
{
"name": "CVE-2019-14283",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14283"
},
{
"name": "CVE-2019-13648",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13648"
},
{
"name": "CVE-2019-10207",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10207"
},
{
"name": "CVE-2015-9289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9289"
},
{
"name": "CVE-2019-14816",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14816"
},
{
"name": "CVE-2019-15239",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15239"
},
{
"name": "CVE-2019-15917",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15917"
},
{
"name": "CVE-2017-18551",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18551"
},
{
"name": "CVE-2019-15217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15217"
},
{
"name": "CVE-2019-14821",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14821"
},
{
"name": "CVE-2019-11068",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11068"
},
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-15903",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
},
{
"name": "CVE-2019-17666",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17666"
},
{
"name": "CVE-2019-17133",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17133"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2019-11135",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
},
{
"name": "CVE-2019-0154",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
},
{
"name": "CVE-2019-17055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17055"
},
{
"name": "CVE-2019-17053",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17053"
},
{
"name": "CVE-2019-16746",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
},
{
"name": "CVE-2019-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0155"
},
{
"name": "CVE-2019-16233",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16233"
},
{
"name": "CVE-2019-15807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15807"
},
{
"name": "CVE-2019-16231",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16231"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2019-11745",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11745"
},
{
"name": "CVE-2019-19058",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19058"
},
{
"name": "CVE-2019-14895",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14895"
},
{
"name": "CVE-2019-19046",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19046"
},
{
"name": "CVE-2019-15916",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-15916"
},
{
"name": "CVE-2019-18660",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18660"
},
{
"name": "CVE-2019-19063",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19063"
},
{
"name": "CVE-2019-19062",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19062"
},
{
"name": "CVE-2018-14526",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14526"
},
{
"name": "CVE-2019-13734",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
},
{
"name": "CVE-2019-19530",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19530"
},
{
"name": "CVE-2019-19534",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19534"
},
{
"name": "CVE-2019-19524",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19524"
},
{
"name": "CVE-2019-14901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14901"
},
{
"name": "CVE-2019-19537",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19537"
},
{
"name": "CVE-2019-19523",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19523"
},
{
"name": "CVE-2019-19338",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19338"
},
{
"name": "CVE-2019-19332",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19332"
},
{
"name": "CVE-2019-19527",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19527"
},
{
"name": "CVE-2019-18808",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18808"
},
{
"name": "CVE-2019-19767",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19767"
},
{
"name": "CVE-2019-19807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19807"
},
{
"name": "CVE-2019-19055",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19055"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2019-9824",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2019-12749",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
},
{
"name": "CVE-2019-19447",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19447"
},
{
"name": "CVE-2019-20095",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20095"
},
{
"name": "CVE-2019-20054",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20054"
},
{
"name": "CVE-2019-18634",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18634"
},
{
"name": "CVE-2019-14898",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14898"
},
{
"name": "CVE-2019-16994",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16994"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-2732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2732"
},
{
"name": "CVE-2019-19059",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19059"
},
{
"name": "CVE-2019-3901",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3901"
},
{
"name": "CVE-2020-9383",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9383"
},
{
"name": "CVE-2020-8647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8647"
},
{
"name": "CVE-2020-8649",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8649"
},
{
"name": "CVE-2020-1749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1749"
},
{
"name": "CVE-2019-9458",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9458"
},
{
"name": "CVE-2020-10942",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10942"
},
{
"name": "CVE-2019-9454",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9454"
},
{
"name": "CVE-2020-11565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11565"
},
{
"name": "CVE-2020-10690",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10690"
},
{
"name": "CVE-2020-10751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10751"
},
{
"name": "CVE-2020-12826",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12826"
},
{
"name": "CVE-2020-12654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12654"
},
{
"name": "CVE-2020-10732",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10732"
},
{
"name": "CVE-2019-20636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20636"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12653",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12653"
},
{
"name": "CVE-2020-10757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10757"
},
{
"name": "CVE-2020-12770",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12770"
},
{
"name": "CVE-2020-12888",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12888"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2018-16881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
},
{
"name": "CVE-2018-19519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19519"
},
{
"name": "CVE-2020-10713",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10713"
},
{
"name": "CVE-2020-14311",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14311"
},
{
"name": "CVE-2020-14309",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14309"
},
{
"name": "CVE-2020-15706",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15706"
},
{
"name": "CVE-2020-14308",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14308"
},
{
"name": "CVE-2020-14310",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14310"
},
{
"name": "CVE-2020-15705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15705"
},
{
"name": "CVE-2020-15707",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15707"
},
{
"name": "CVE-2020-14331",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14331"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2020-14364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14364"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2020-14305",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
},
{
"name": "CVE-2020-10742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10742"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2018-20843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
},
{
"name": "CVE-2018-5729",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
},
{
"name": "CVE-2018-5730",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
},
{
"name": "CVE-2020-11868",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11868"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2019-13232",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13232"
},
{
"name": "CVE-2020-10531",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10531"
},
{
"name": "CVE-2019-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8696"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2019-8675",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8675"
},
{
"name": "CVE-2017-12652",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12652"
},
{
"name": "CVE-2019-12450",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12450"
},
{
"name": "CVE-2020-12825",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12825"
},
{
"name": "CVE-2020-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12243"
},
{
"name": "CVE-2019-14866",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14866"
},
{
"name": "CVE-2020-1983",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1983"
},
{
"name": "CVE-2019-5188",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5188"
},
{
"name": "CVE-2019-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5094"
},
{
"name": "CVE-2020-10754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10754"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2019-14822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14822"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2018-18751",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18751"
},
{
"name": "CVE-2019-9948",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9948"
},
{
"name": "CVE-2019-20386",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20386"
},
{
"name": "CVE-2017-13722",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13722"
},
{
"name": "CVE-2014-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0210"
},
{
"name": "CVE-2018-16403",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16403"
},
{
"name": "CVE-2018-15746",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15746"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2019-7638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7638"
},
{
"name": "CVE-2015-8241",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8241"
},
{
"name": "CVE-2019-10155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10155"
},
{
"name": "CVE-2018-11813",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11813"
},
{
"name": "CVE-2018-18310",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18310"
},
{
"name": "CVE-2018-1084",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1084"
},
{
"name": "CVE-2020-12662",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12662"
},
{
"name": "CVE-2012-4423",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4423"
},
{
"name": "CVE-2017-0902",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0902"
},
{
"name": "CVE-2018-8945",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8945"
},
{
"name": "CVE-2017-0899",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0899"
},
{
"name": "CVE-2010-2239",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2239"
},
{
"name": "CVE-2010-2242",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2242"
},
{
"name": "CVE-2017-14167",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14167"
},
{
"name": "CVE-2015-0225",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0225"
},
{
"name": "CVE-2019-11324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11324"
},
{
"name": "CVE-2013-6458",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6458"
},
{
"name": "CVE-2018-1000075",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000075"
},
{
"name": "CVE-2018-15857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15857"
},
{
"name": "CVE-2018-16062",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16062"
},
{
"name": "CVE-2018-10534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10534"
},
{
"name": "CVE-2014-0179",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0179"
},
{
"name": "CVE-2018-18384",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18384"
},
{
"name": "CVE-2013-1766",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1766"
},
{
"name": "CVE-2016-6580",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6580"
},
{
"name": "CVE-2018-12697",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12697"
},
{
"name": "CVE-2018-1000301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000301"
},
{
"name": "CVE-2019-11236",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11236"
},
{
"name": "CVE-2019-12155",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12155"
},
{
"name": "CVE-2017-0900",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0900"
},
{
"name": "CVE-2014-3598",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3598"
},
{
"name": "CVE-2017-1000050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000050"
},
{
"name": "CVE-2018-10535",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10535"
},
{
"name": "CVE-2019-3820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3820"
},
{
"name": "CVE-2018-16402",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16402"
},
{
"name": "CVE-2018-1116",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1116"
},
{
"name": "CVE-2018-15853",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15853"
},
{
"name": "CVE-2019-14378",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14378"
},
{
"name": "CVE-2016-1494",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1494"
},
{
"name": "CVE-2019-12312",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12312"
},
{
"name": "CVE-2013-0339",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0339"
},
{
"name": "CVE-2019-16935",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16935"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2016-6581",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6581"
},
{
"name": "CVE-2013-4520",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4520"
},
{
"name": "CVE-2014-3633",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3633"
},
{
"name": "CVE-2014-3004",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3004"
},
{
"name": "CVE-2015-9381",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9381"
},
{
"name": "CVE-2016-5361",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5361"
},
{
"name": "CVE-2018-14598",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14598"
},
{
"name": "CVE-2014-1447",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1447"
},
{
"name": "CVE-2018-20852",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20852"
},
{
"name": "CVE-2012-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2693"
},
{
"name": "CVE-2018-7208",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7208"
},
{
"name": "CVE-2018-12910",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12910"
},
{
"name": "CVE-2019-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8325"
},
{
"name": "CVE-2015-7497",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7497"
},
{
"name": "CVE-2019-7665",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7665"
},
{
"name": "CVE-2018-15854",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15854"
},
{
"name": "CVE-2019-13404",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13404"
},
{
"name": "CVE-2015-5160",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5160"
},
{
"name": "CVE-2018-10767",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10767"
},
{
"name": "CVE-2018-7550",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7550"
},
{
"name": "CVE-2016-3076",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3076"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2018-18521",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18521"
},
{
"name": "CVE-2018-19788",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19788"
},
{
"name": "CVE-2019-8322",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8322"
},
{
"name": "CVE-2019-3840",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3840"
},
{
"name": "CVE-2016-9189",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9189"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2018-14647",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14647"
},
{
"name": "CVE-2019-17041",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17041"
},
{
"name": "CVE-2019-14906",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14906"
},
{
"name": "CVE-2018-1000073",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000073"
},
{
"name": "CVE-2019-9947",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9947"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2019-7635",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7635"
},
{
"name": "CVE-2019-7576",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7576"
},
{
"name": "CVE-2019-14834",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14834"
},
{
"name": "CVE-2018-15855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15855"
},
{
"name": "CVE-2019-7149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7149"
},
{
"name": "CVE-2018-7642",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7642"
},
{
"name": "CVE-2019-5010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5010"
},
{
"name": "CVE-2018-12641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12641"
},
{
"name": "CVE-2021-3396",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3396"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2017-15268",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15268"
},
{
"name": "CVE-2018-15587",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15587"
},
{
"name": "CVE-2016-10746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10746"
},
{
"name": "CVE-2017-13711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13711"
},
{
"name": "CVE-2014-8131",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8131"
},
{
"name": "CVE-2014-9601",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9601"
},
{
"name": "CVE-2014-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3657"
},
{
"name": "CVE-2018-10373",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10373"
},
{
"name": "CVE-2017-17790",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17790"
},
{
"name": "CVE-2011-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2511"
},
{
"name": "CVE-2018-1000802",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000802"
},
{
"name": "CVE-2017-7555",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7555"
},
{
"name": "CVE-2016-9015",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9015"
},
{
"name": "CVE-2017-13720",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13720"
},
{
"name": "CVE-2018-11782",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11782"
},
{
"name": "CVE-2017-11671",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11671"
},
{
"name": "CVE-2017-10664",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10664"
},
{
"name": "CVE-2018-11213",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11213"
},
{
"name": "CVE-2013-6457",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6457"
},
{
"name": "CVE-2019-10138",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10138"
},
{
"name": "CVE-2019-7578",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7578"
},
{
"name": "CVE-2020-7039",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7039"
},
{
"name": "CVE-2017-11368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11368"
},
{
"name": "CVE-2018-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0494"
},
{
"name": "CVE-2019-20485",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20485"
},
{
"name": "CVE-2003-1418",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1418"
},
{
"name": "CVE-2017-15289",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15289"
},
{
"name": "CVE-2016-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5391"
},
{
"name": "CVE-2017-2810",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-2810"
},
{
"name": "CVE-2018-15864",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15864"
},
{
"name": "CVE-2017-18207",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18207"
},
{
"name": "CVE-2019-12761",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12761"
},
{
"name": "CVE-2013-5651",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5651"
},
{
"name": "CVE-2017-17522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17522"
},
{
"name": "CVE-2019-20382",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20382"
},
{
"name": "CVE-2016-2533",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2533"
},
{
"name": "CVE-2019-14287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14287"
},
{
"name": "CVE-2018-18520",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18520"
},
{
"name": "CVE-2019-9740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9740"
},
{
"name": "CVE-2019-7575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7575"
},
{
"name": "CVE-2015-5652",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5652"
},
{
"name": "CVE-2019-7572",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7572"
},
{
"name": "CVE-2017-6519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
},
{
"name": "CVE-2018-10906",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10906"
},
{
"name": "CVE-2018-15863",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15863"
},
{
"name": "CVE-2018-15862",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15862"
},
{
"name": "CVE-2018-1000079",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000079"
},
{
"name": "CVE-2019-7664",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7664"
},
{
"name": "CVE-2017-5992",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5992"
},
{
"name": "CVE-2019-16865",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16865"
},
{
"name": "CVE-2019-8324",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8324"
},
{
"name": "CVE-2018-1000076",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000076"
},
{
"name": "CVE-2018-1000030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000030"
},
{
"name": "CVE-2018-1000074",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000074"
},
{
"name": "CVE-2017-0901",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0901"
},
{
"name": "CVE-2018-7568",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7568"
},
{
"name": "CVE-2016-0775",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0775"
},
{
"name": "CVE-2018-15688",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15688"
},
{
"name": "CVE-2018-14599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14599"
},
{
"name": "CVE-2018-10733",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10733"
},
{
"name": "CVE-2016-9396",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9396"
},
{
"name": "CVE-2019-10160",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10160"
},
{
"name": "CVE-2017-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7562"
},
{
"name": "CVE-2016-1000032",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000032"
},
{
"name": "CVE-2017-15124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15124"
},
{
"name": "CVE-2018-1113",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1113"
},
{
"name": "CVE-2013-4399",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4399"
},
{
"name": "CVE-2019-7636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7636"
},
{
"name": "CVE-2014-3672",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3672"
},
{
"name": "CVE-2018-4700",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4700"
},
{
"name": "CVE-2017-0903",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0903"
},
{
"name": "CVE-2018-15856",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15856"
},
{
"name": "CVE-2018-1000078",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000078"
},
{
"name": "CVE-2019-7573",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7573"
},
{
"name": "CVE-2018-1000077",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000077"
},
{
"name": "CVE-2010-2237",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2237"
},
{
"name": "CVE-2018-1000876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000876"
},
{
"name": "CVE-2018-14348",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14348"
},
{
"name": "CVE-2019-3890",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3890"
},
{
"name": "CVE-2015-7498",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7498"
},
{
"name": "CVE-2019-7577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7577"
},
{
"name": "CVE-2016-0740",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0740"
},
{
"name": "CVE-2018-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4180"
},
{
"name": "CVE-2013-4297",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4297"
},
{
"name": "CVE-2010-2238",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2238"
},
{
"name": "CVE-2018-14600",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14600"
},
{
"name": "CVE-2017-13090",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13090"
},
{
"name": "CVE-2013-7336",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7336"
},
{
"name": "CVE-2018-10372",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10372"
},
{
"name": "CVE-2019-7637",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7637"
},
{
"name": "CVE-2018-11806",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11806"
},
{
"name": "CVE-2018-7643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7643"
},
{
"name": "CVE-2015-0236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0236"
},
{
"name": "CVE-2018-1000117",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000117"
},
{
"name": "CVE-2014-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0209"
},
{
"name": "CVE-2013-2230",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2230"
},
{
"name": "CVE-2018-1122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1122"
},
{
"name": "CVE-2014-3960",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3960"
},
{
"name": "CVE-2019-16056",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16056"
},
{
"name": "CVE-2020-12663",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12663"
},
{
"name": "CVE-2018-10768",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10768"
},
{
"name": "CVE-2017-16611",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16611"
},
{
"name": "CVE-2014-7823",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7823"
},
{
"name": "CVE-2020-10703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10703"
},
{
"name": "CVE-2018-7569",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7569"
},
{
"name": "CVE-2013-4154",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4154"
},
{
"name": "CVE-2018-20060",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20060"
},
{
"name": "CVE-2015-9382",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9382"
},
{
"name": "CVE-2017-18190",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18190"
},
{
"name": "CVE-2016-4009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4009"
},
{
"name": "CVE-2018-13033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13033"
},
{
"name": "CVE-2016-9190",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9190"
},
{
"name": "CVE-2019-7574",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7574"
},
{
"name": "CVE-2016-0772",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0772"
},
{
"name": "CVE-2016-5699",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5699"
},
{
"name": "CVE-2011-1486",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1486"
},
{
"name": "CVE-2020-5208",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5208"
},
{
"name": "CVE-2019-6778",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6778"
},
{
"name": "CVE-2020-10772",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10772"
},
{
"name": "CVE-2020-25637",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25637"
},
{
"name": "CVE-2018-10360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10360"
},
{
"name": "CVE-2018-15859",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15859"
},
{
"name": "CVE-2017-13089",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13089"
},
{
"name": "CVE-2019-12779",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12779"
},
{
"name": "CVE-2019-1010238",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1010238"
},
{
"name": "CVE-2019-6690",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6690"
},
{
"name": "CVE-2015-8317",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8317"
},
{
"name": "CVE-2018-4181",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4181"
},
{
"name": "CVE-2019-8323",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8323"
},
{
"name": "CVE-2016-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3616"
},
{
"name": "CVE-2018-14498",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14498"
},
{
"name": "CVE-2018-15861",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15861"
},
{
"name": "CVE-2019-7150",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-7150"
},
{
"name": "CVE-2019-17042",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17042"
},
{
"name": "CVE-2016-5008",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5008"
},
{
"name": "CVE-2014-4616",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4616"
}
],
"initial_release_date": "2022-03-23T00:00:00",
"last_revision_date": "2022-03-23T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-267",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks\nJunos Space. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Junos Space",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11176 du 22 mars 2022",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11176\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2022-AVI-916
Vulnerability from certfr_avis - Published: 2022-10-13 - Updated: 2022-10-13
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antérieures à R22.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions antérieures à 3.1.1 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.2R1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO | ||
| Juniper Networks | N/A | Contrail Networking versions antérieures à 2011.L5 | ||
| Juniper Networks | N/A | Steel Belted Radius Carrier Edition versions antérieures à 8.6.0R16 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à 5.4.7 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions 5.5.x antérieures à 5.5.3 | ||
| Juniper Networks | N/A | Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antérieures à 3.2.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Steel Belted Radius Carrier Edition versions ant\u00e9rieures \u00e0 8.6.0R16",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-1343",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
},
{
"name": "CVE-2022-22243",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22243"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2022-22238",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22238"
},
{
"name": "CVE-2022-22249",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22249"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2022-22227",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22227"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2020-27777",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
},
{
"name": "CVE-2022-22208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22208"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2022-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22201"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-42771",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2018-20532",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20532"
},
{
"name": "CVE-2022-22246",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22246"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2020-29661",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
},
{
"name": "CVE-2022-22250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22250"
},
{
"name": "CVE-2022-22192",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22192"
},
{
"name": "CVE-2019-12735",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
},
{
"name": "CVE-2022-22239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22239"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2022-22241",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22241"
},
{
"name": "CVE-2020-25212",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
},
{
"name": "CVE-2019-2435",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22226"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2021-4160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
},
{
"name": "CVE-2020-24394",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2019-19532",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
},
{
"name": "CVE-2020-14314",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2022-22229",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22229"
},
{
"name": "CVE-2018-20534",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20534"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2021-28165",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22225"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2022-22245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22245"
},
{
"name": "CVE-2022-25314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-23990",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2018-10689",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2020-25705",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
},
{
"name": "CVE-2020-14385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
},
{
"name": "CVE-2022-22232",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22232"
},
{
"name": "CVE-2019-18282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-22240",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22240"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2019-20811",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2021-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2022-22234",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22234"
},
{
"name": "CVE-2022-22242",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2022-22251",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22251"
},
{
"name": "CVE-2008-5161",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
},
{
"name": "CVE-2022-22244",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22244"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2022-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22233"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2021-45417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
},
{
"name": "CVE-2020-10769",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
},
{
"name": "CVE-2018-20533",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20533"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2020-25656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2022-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22224"
},
{
"name": "CVE-2021-20265",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-25211",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-22247",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22247"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2020-28374",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2022-22199",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22199"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-22236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22236"
},
{
"name": "CVE-2020-7053",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
},
{
"name": "CVE-2022-22248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22248"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-22220",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22220"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2022-22228",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22228"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-14351",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
},
{
"name": "CVE-2020-25709",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
},
{
"name": "CVE-2022-1434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
},
{
"name": "CVE-2020-25643",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
},
{
"name": "CVE-2022-22223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22223"
},
{
"name": "CVE-2020-25645",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2019-2684",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2684"
},
{
"name": "CVE-2021-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0543"
},
{
"name": "CVE-2021-3653",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
},
{
"name": "CVE-2022-22231",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22231"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22235"
},
{
"name": "CVE-2020-0427",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-22211",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22211"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2022-22230",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22230"
},
{
"name": "CVE-2022-22237",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22237"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
}
],
"initial_release_date": "2022-10-13T00:00:00",
"last_revision_date": "2022-10-13T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-916",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211"
},
{
"published_at": "2022-10-12",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229"
}
]
}
GHSA-FVV9-QHMX-C8WM
Vulnerability from github – Published: 2022-05-24 17:26 – Updated: 2022-10-12 12:00
VLAI?
Details
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
Severity ?
7.1 (High)
{
"affected": [],
"aliases": [
"CVE-2020-24394"
],
"database_specific": {
"cwe_ids": [
"CWE-732"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-08-19T13:15:00Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",
"id": "GHSA-fvv9-qhmx-c8wm",
"modified": "2022-10-12T12:00:21Z",
"published": "2022-05-24T17:26:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200904-0003"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4465-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4483-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4485-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"type": "WEB",
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
CNVD-2020-49573
Vulnerability from cnvd - Published: 2020-08-31
VLAI Severity ?
Title
Linux kernel权限提升漏洞(CNVD-2020-49573)
Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。
Linux kernel 5.7.8之前版本中存在安全漏洞。攻击者可利用该漏洞为新增的文件系统对象设置不正确权限。
Severity
中
Patch Name
Linux kernel权限提升漏洞(CNVD-2020-49573)的补丁
Patch Description
Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。
Linux kernel 5.7.8之前版本中存在安全漏洞。攻击者可利用该漏洞为新增的文件系统对象设置不正确权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-24394
Impacted products
| Name | Linux Linux kernel <5.7.8 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-24394",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394"
}
},
"description": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\n\nLinux kernel 5.7.8\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u65b0\u589e\u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u8bbe\u7f6e\u4e0d\u6b63\u786e\u6743\u9650\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-49573",
"openTime": "2020-08-31",
"patchDescription": "Linux kernel\u662f\u7f8e\u56fdLinux\u57fa\u91d1\u4f1a\u53d1\u5e03\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edfLinux\u6240\u4f7f\u7528\u7684\u5185\u6838\u3002\r\n\r\nLinux kernel 5.7.8\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4e3a\u65b0\u589e\u7684\u6587\u4ef6\u7cfb\u7edf\u5bf9\u8c61\u8bbe\u7f6e\u4e0d\u6b63\u786e\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Linux kernel\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-49573\uff09\u7684\u8865\u4e01",
"products": {
"product": "Linux Linux kernel \u003c5.7.8"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-24394",
"serverity": "\u4e2d",
"submitTime": "2020-08-24",
"title": "Linux kernel\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2020-49573\uff09"
}
GSD-2020-24394
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-24394",
"description": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",
"id": "GSD-2020-24394",
"references": [
"https://www.suse.com/security/cve/CVE-2020-24394.html",
"https://access.redhat.com/errata/RHSA-2021:1739",
"https://access.redhat.com/errata/RHSA-2021:1578",
"https://access.redhat.com/errata/RHSA-2021:0878",
"https://access.redhat.com/errata/RHSA-2021:0760",
"https://access.redhat.com/errata/RHSA-2021:0526",
"https://access.redhat.com/errata/RHSA-2020:5441",
"https://access.redhat.com/errata/RHSA-2020:5437",
"https://ubuntu.com/security/CVE-2020-24394",
"https://linux.oracle.com/cve/CVE-2020-24394.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-24394"
],
"details": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.",
"id": "GSD-2020-24394",
"modified": "2023-12-13T01:22:12.441713Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8",
"refsource": "MISC",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"name": "USN-4465-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200904-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"name": "https://www.starwindsoftware.com/security/sw-20210325-0004/",
"refsource": "MISC",
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.7.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12533:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12658:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build12859:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13170:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13586:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build13861:*:*:*:vsphere:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24394"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832"
},
{
"name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8",
"refsource": "MISC",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8"
},
{
"name": "USN-4465-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4465-1/"
},
{
"name": "openSUSE-SU-2020:1325",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200904-0003/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200904-0003/"
},
{
"name": "USN-4483-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4483-1/"
},
{
"name": "USN-4485-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4485-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.starwindsoftware.com/security/sw-20210325-0004/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20210325-0004/"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2022-10-25T17:03Z",
"publishedDate": "2020-08-19T13:15Z"
}
}
}
cve-2020-24394
Vulnerability from osv_almalinux
Published
2021-05-18 05:33
Modified
2021-08-11 08:54
Summary
Important: kernel security, bug fix, and enhancement update
Details
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
-
kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)
-
kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)
-
kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)
-
kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)
-
kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)
-
kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)
-
kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)
-
kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)
-
kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)
-
kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)
-
kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)
-
kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)
-
kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)
-
kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)
-
kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)
-
kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)
-
kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)
-
kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)
-
kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)
-
kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (CVE-2020-35508)
-
kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)
-
kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)
-
kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "kernel-tools-libs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.18.0-305.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Integer overflow in Intel(R) Graphics Drivers (CVE-2020-12362)\n\n* kernel: memory leak in sof_set_get_large_ctrl_data() function in sound/soc/sof/ipc.c (CVE-2019-18811)\n\n* kernel: use-after-free caused by a malicious USB device in the drivers/usb/misc/adutux.c driver (CVE-2019-19523)\n\n* kernel: use-after-free bug caused by a malicious USB device in the drivers/usb/misc/iowarrior.c driver (CVE-2019-19528)\n\n* kernel: possible out of bounds write in kbd_keycode of keyboard.c (CVE-2020-0431)\n\n* kernel: DoS by corrupting mountpoint reference counter (CVE-2020-12114)\n\n* kernel: use-after-free in usb_sg_cancel function in drivers/usb/core/message.c (CVE-2020-12464)\n\n* kernel: buffer uses out of index in ext3/4 filesystem (CVE-2020-14314)\n\n* kernel: Use After Free vulnerability in cgroup BPF component (CVE-2020-14356)\n\n* kernel: NULL pointer dereference in serial8250_isa_init_ports function in drivers/tty/serial/8250/8250_core.c (CVE-2020-15437)\n\n* kernel: umask not applied on filesystem without ACL support (CVE-2020-24394)\n\n* kernel: TOCTOU mismatch in the NFS client code (CVE-2020-25212)\n\n* kernel: incomplete permission checking for access to rbd devices (CVE-2020-25284)\n\n* kernel: race condition between hugetlb sysctl handlers in mm/hugetlb.c (CVE-2020-25285)\n\n* kernel: improper input validation in ppp_cp_parse_cr function leads to memory corruption and read overflow (CVE-2020-25643)\n\n* kernel: perf_event_parse_addr_filter memory (CVE-2020-25704)\n\n* kernel: use-after-free in kernel midi subsystem (CVE-2020-27786)\n\n* kernel: child process is able to access parent mm through hfi dev file handle (CVE-2020-27835)\n\n* kernel: slab-out-of-bounds read in fbcon (CVE-2020-28974)\n\n* kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting -\u003ereal_parent (CVE-2020-35508)\n\n* kernel: fuse: fuse_do_getattr() calls make_bad_inode() in inappropriate situations (CVE-2020-36322)\n\n* kernel: use after free in tun_get_user of tun.c could lead to local escalation of privilege (CVE-2021-0342)\n\n* kernel: NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs in drivers/media/usb/gspca/ov519.c (CVE-2020-11608)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:1578",
"modified": "2021-08-11T08:54:00Z",
"published": "2021-05-18T05:33:57Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-18811"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19523"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2019-19528"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-0431"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-11608"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12114"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12362"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12363"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12364"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-12464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-14314"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-14356"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-15437"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-24394"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25212"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25284"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25285"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25643"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-25704"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27786"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-27835"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-28974"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-35508"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36322"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-0342"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-0605"
}
],
"related": [
"CVE-2020-12362",
"CVE-2019-18811",
"CVE-2019-19523",
"CVE-2019-19528",
"CVE-2020-0431",
"CVE-2020-12114",
"CVE-2020-12464",
"CVE-2020-14314",
"CVE-2020-14356",
"CVE-2020-15437",
"CVE-2020-24394",
"CVE-2020-25212",
"CVE-2020-25284",
"CVE-2020-25285",
"CVE-2020-25643",
"CVE-2020-25704",
"CVE-2020-27786",
"CVE-2020-27835",
"CVE-2020-28974",
"CVE-2020-35508",
"CVE-2020-36322",
"CVE-2021-0342",
"CVE-2020-11608"
],
"summary": "Important: kernel security, bug fix, and enhancement update"
}
CVE-2020-24394
Vulnerability from fstec - Published: 17.06.2020
VLAI Severity ?
Title
Уязвимость компонента fs/nfsd/vfs.c ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Description
Уязвимость компонента fs/nfsd/vfs.c ядра операционной системы Linux связана с недостаточной проверкой присвоения разрешений для критичного ресурса. Эксплуатация уязвимости может позволить нарушителю получить несанкционированный доступ к защищаемой информации
Severity ?
Vendor
Сообщество свободного программного обеспечения, Canonical Ltd., Novell Inc., ООО «РусБИТех-Астра»
Software Name
Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Linux
Software Version
9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 20.04 LTS (Ubuntu), 16.04 ESM (Ubuntu), от 4.10 до 4.14.187 включительно (Linux), от 4.15 до 4.19.131 включительно (Linux), от 4.20 до 5.4.50 включительно (Linux), от 5.5 до 5.7.7 включительно (Linux)
Possible Mitigations
Использование рекомендаций:
Для Linux:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.188
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.51
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2020-24394
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2020-24394
Для Ubuntu:
https://ubuntu.com/security/notices/USN-4465-1
https://ubuntu.com/security/notices/USN-4483-1
https://ubuntu.com/security/notices/USN-4485-1
Для программных продуктов Novell Inc.:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/
Для ОС Astra Linux:
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html
https://access.redhat.com/security/cve/CVE-2020-24394
https://bugs.debian.org/962254
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.188
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.51
https://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/
https://security.netapp.com/advisory/ntap-20200904-0003/
https://security-tracker.debian.org/tracker/CVE-2020-24394
https://ubuntu.com/security/notices/USN-4465-1
https://ubuntu.com/security/notices/USN-4483-1
https://ubuntu.com/security/notices/USN-4485-1
https://usn.ubuntu.com/4465-1/
https://usn.ubuntu.com/4483-1/
https://usn.ubuntu.com/4485-1/
https://usn.ubuntu.com/usn/usn-4465-1
https://usn.ubuntu.com/usn/usn-4483-1
https://usn.ubuntu.com/usn/usn-4485-1
https://www.cve.org/CVERecord?id=CVE-2020-24394
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.starwindsoftware.com/security/sw-20210325-0004/
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81
CWE
CWE-732
{
"CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:N",
"CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 15.1 (OpenSUSE Leap), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 20.04 LTS (Ubuntu), 16.04 ESM (Ubuntu), \u043e\u0442 4.10 \u0434\u043e 4.14.187 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.131 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20 \u0434\u043e 5.4.50 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 5.5 \u0434\u043e 5.7.7 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Linux:\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.188\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.51\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2020-24394\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2020-24394\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4465-1\nhttps://ubuntu.com/security/notices/USN-4483-1\nhttps://ubuntu.com/security/notices/USN-4485-1\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "17.06.2020",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.01.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03188",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-24394",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, OpenSUSE Leap, Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Linux",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Novell Inc. OpenSUSE Leap 15.1 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 16.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux \u0434\u043e 5.7.8 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 fs/nfsd/vfs.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u0435 \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 (CWE-732)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 fs/nfsd/vfs.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u0440\u0438\u0441\u0432\u043e\u0435\u043d\u0438\u044f \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html\nhttps://access.redhat.com/security/cve/CVE-2020-24394\nhttps://bugs.debian.org/962254\nhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962254\nhttps://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24394\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=22cf8419f1319ff87ec759d0ebdff4cbafaee832\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.188\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.132\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.51\nhttps://kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.8\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/PR7IAIXMEHH4XQP5TC46UTZY6KWF5277/\nhttps://security.netapp.com/advisory/ntap-20200904-0003/\nhttps://security-tracker.debian.org/tracker/CVE-2020-24394\nhttps://ubuntu.com/security/notices/USN-4465-1\nhttps://ubuntu.com/security/notices/USN-4483-1\nhttps://ubuntu.com/security/notices/USN-4485-1\nhttps://usn.ubuntu.com/4465-1/\nhttps://usn.ubuntu.com/4483-1/\nhttps://usn.ubuntu.com/4485-1/\nhttps://usn.ubuntu.com/usn/usn-4465-1\nhttps://usn.ubuntu.com/usn/usn-4483-1\nhttps://usn.ubuntu.com/usn/usn-4485-1\nhttps://www.cve.org/CVERecord?id=CVE-2020-24394\nhttps://www.oracle.com/security-alerts/cpuApr2021.html\nhttps://www.starwindsoftware.com/security/sw-20210325-0004/\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20241206SE81",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-732",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,1)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…