Vulnerability-Lookup

CVE-2021-0399 (GCVE-0-2021-0399)

Vulnerability from cvelistv5 – Published: 2021-03-10 15:41 – Updated: 2024-08-03 15:40

Summary

In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel

Severity ?

No CVSS data available.

CWE

Elevation of privilege

Assigner

google_android

References

URL

Tags

https://source.android.com/security/bulletin/2021-03-01

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Android	Affected: Android kernel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:40:01.290Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2021-03-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android kernel"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of privilege",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-10T15:41:26.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2021-03-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2021-0399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android kernel"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Elevation of privilege"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2021-03-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2021-03-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2021-0399",
    "datePublished": "2021-03-10T15:41:26.000Z",
    "dateReserved": "2020-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T15:40:01.290Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-HC9R-VRRG-QRWW

Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-05-24 17:44

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-0399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-10T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel",
  "id": "GHSA-hc9r-vrrg-qrww",
  "modified": "2022-05-24T17:44:09Z",
  "published": "2022-05-24T17:44:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0399"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2021-03-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CVE-2021-0399

Vulnerability from fstec - Published: 10.03.2021

Title

Уязвимость функции qtaguid_untag файла xt_qtaguid.c ядра операционной системы Android, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость функции qtaguid_untag файла xt_qtaguid.c ядра операционной системы Android связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Google Inc

Software Name

Android

Software Version

- (Android)

Possible Mitigations

Использование рекомендаций: https://source.android.com/security/bulletin/2021-03-01

Reference

https://source.android.com/security/bulletin/2021-03-01

CWE

CWE-416

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Google Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Android)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://source.android.com/security/bulletin/2021-03-01",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "08.10.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.04.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-02864",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-0399",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Android",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Google Inc Android - ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qtaguid_untag \u0444\u0430\u0439\u043b\u0430 xt_qtaguid.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f (CWE-416)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 qtaguid_untag \u0444\u0430\u0439\u043b\u0430 xt_qtaguid.c \u044f\u0434\u0440\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b Android \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u043e\u0441\u043b\u0435 \u0435\u0451 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://source.android.com/security/bulletin/2021-03-01",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-416",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

FKIE_CVE-2021-0399

Vulnerability from fkie_nvd - Published: 2021-03-10 16:15 - Updated: 2024-11-21 05:42

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@android.com	https://source.android.com/security/bulletin/2021-03-01	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://source.android.com/security/bulletin/2021-03-01	Vendor Advisory

Impacted products

	Vendor	Product	Version
	google	android	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel"
    },
    {
      "lang": "es",
      "value": "En la funci\u00f3n qtaguid_untag del archivo xt_qtaguid.c, se presenta una posible corrupci\u00f3n de memoria debido a un uso de la memoria previamente liberada.\u0026#xa0;Esto podr\u00eda conllevar a una escalada de privilegios local sin ser necesarios privilegios de ejecuci\u00f3n adicionales.\u0026#xa0;No es requerida una interacci\u00f3n del usuario para su explotaci\u00f3n. Producto: Android, Versiones: Kernel de Android, ID de Android: A-176919394 Referencias: Kernel ascendente"
    }
  ],
  "id": "CVE-2021-0399",
  "lastModified": "2024-11-21T05:42:38.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-10T16:15:16.530",
  "references": [
    {
      "source": "security@android.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2021-03-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://source.android.com/security/bulletin/2021-03-01"
    }
  ],
  "sourceIdentifier": "security@android.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-26352

Vulnerability from cnvd - Published: 2021-04-09

Title

Google Android Kernel组件权限提升漏洞（CNVD-2021-26352）

Description

Android是美国Google公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。 Google Android的Kernel组件xt_qtaguid存在权限提升漏洞。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Google Android Kernel组件权限提升漏洞（CNVD-2021-26352）的补丁

Patch Description

Android是美国Google公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。 Google Android的Kernel组件xt_qtaguid存在权限提升漏洞。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://source.android.com/security/bulletin/2021-03-01

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-0399

Impacted products

Name
Google Android

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-0399",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-0399"
    }
  },
  "description": "Android\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\n\n\nGoogle Android\u7684Kernel\u7ec4\u4ef6xt_qtaguid\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://source.android.com/security/bulletin/2021-03-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-26352",
  "openTime": "2021-04-09",
  "patchDescription": "Android\u662f\u7f8e\u56fdGoogle\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\n\r\nGoogle Android\u7684Kernel\u7ec4\u4ef6xt_qtaguid\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android Kernel\u7ec4\u4ef6\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2021-26352\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-0399",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-02",
  "title": "Google Android Kernel\u7ec4\u4ef6\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff08CNVD-2021-26352\uff09"
}

GSD-2021-0399

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-0399

Aliases

CVE-2021-0399

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-0399",
    "description": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel",
    "id": "GSD-2021-0399"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-0399"
      ],
      "details": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel",
      "id": "GSD-2021-0399",
      "modified": "2023-12-13T01:23:07.899531Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@android.com",
        "ID": "CVE-2021-0399",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Android",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Android kernel"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://source.android.com/security/bulletin/2021-03-01",
            "refsource": "MISC",
            "url": "https://source.android.com/security/bulletin/2021-03-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2021-0399"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In qtaguid_untag of xt_qtaguid.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176919394References: Upstream kernel"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2021-03-01",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://source.android.com/security/bulletin/2021-03-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-03-15T20:16Z",
      "publishedDate": "2021-03-10T16:15Z"
    }
  }
}

CERTFR-2024-AVI-0203

Vulnerability from certfr_avis - Published: 2024-03-12 - Updated: 2024-03-12

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Cerberus PRO EN Engineering Tool versions antérieures à IP8
Siemens	N/A	SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Sinteso FS20 EN Fire Panel FC20 versions antérieures à MP8
Siemens	N/A	RUGGEDCOM APE1808 avec Fortinet NGFW versions antérieures à V7.4.1
Siemens	N/A	Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016
Siemens	N/A	Cerberus PRO EN X200 Cloud Distribution versions V4.0.x antérieures à V4.0.5016
Siemens	N/A	SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions
Siemens	N/A	Sinteso FS20 EN Engineering Tool versions antérieures à MP8
Siemens	N/A	SIMATIC RF160B (6GT2003-0FA00) versions antérieures à V2.2
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à V3.2
Siemens	N/A	Solid Edge versions antérieures à V223.0.11
Siemens	N/A	Siveillance Control versions supérieures ou égales à V2.8 versions antérieures à V3.1.1
Siemens	N/A	Cerberus PRO EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617
Siemens	N/A	Cerberus PRO EN Fire Panel FC72x versions antérieures à IP8
Siemens	N/A	SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015
Siemens	N/A	SINEMA Remote Connect Client versions antérieures à V3.1 SP1
Siemens	N/A	SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions supérieures ou égales à V3.2.3 versions antérieures à V3.3.0
Siemens	N/A	Cerberus PRO EN X300 Cloud Distribution versions V4.2.x antérieures à V4.2.5015
Siemens	N/A	Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618
Siemens	N/A	Cerberus PRO EN X200 Cloud Distribution versions V4.3.x antérieures à V4.3.5618
Siemens	N/A	Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x antérieures à V4.3.5617
Siemens	N/A	Sinteso Mobile versions antérieures à V3.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-792319 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-918992 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-353002 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-653855 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-225840 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-145196 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-382651 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-832273 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-366067 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-770721 du 12 mars 2024	None	vendor-advisory
Bulletin de sécurité Siemens SSA-576771 du 12 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cerberus PRO EN Engineering Tool versions ant\u00e9rieures \u00e0 IP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN Fire Panel FC20 versions ant\u00e9rieures \u00e0 MP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE1808 avec Fortinet NGFW versions ant\u00e9rieures \u00e0 V7.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X200 Cloud Distribution versions V4.0.x ant\u00e9rieures \u00e0 V4.0.5016",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 3KC ATC6 Expansion Module Ethernet toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN Engineering Tool versions ant\u00e9rieures \u00e0 MP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF160B (6GT2003-0FA00) versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge versions ant\u00e9rieures \u00e0 V223.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Control versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.8 versions ant\u00e9rieures \u00e0 V3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN Fire Panel FC72x versions ant\u00e9rieures \u00e0 IP8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Client versions ant\u00e9rieures \u00e0 V3.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V3.2.3 versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X300 Cloud Distribution versions V4.2.x ant\u00e9rieures \u00e0 V4.2.5015",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus PRO EN X200 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5618",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso FS20 EN X300 Cloud Distribution versions V4.3.x ant\u00e9rieures \u00e0 V4.3.5617",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Sinteso Mobile versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0646"
    },
    {
      "name": "CVE-2017-18509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18509"
    },
    {
      "name": "CVE-2021-0599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0599"
    },
    {
      "name": "CVE-2021-0443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0443"
    },
    {
      "name": "CVE-2022-20462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20462"
    },
    {
      "name": "CVE-2021-0598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0598"
    },
    {
      "name": "CVE-2021-0438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0438"
    },
    {
      "name": "CVE-2021-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0651"
    },
    {
      "name": "CVE-2021-0585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0585"
    },
    {
      "name": "CVE-2021-0331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0331"
    },
    {
      "name": "CVE-2021-0509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0509"
    },
    {
      "name": "CVE-2021-0601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0601"
    },
    {
      "name": "CVE-2021-0478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0478"
    },
    {
      "name": "CVE-2021-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
    },
    {
      "name": "CVE-2021-0600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0600"
    },
    {
      "name": "CVE-2021-0928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0928"
    },
    {
      "name": "CVE-2021-0484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0484"
    },
    {
      "name": "CVE-2023-36641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36641"
    },
    {
      "name": "CVE-2021-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0642"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2023-38546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38546"
    },
    {
      "name": "CVE-2022-41329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41329"
    },
    {
      "name": "CVE-2021-0597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0597"
    },
    {
      "name": "CVE-2020-24587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24587"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2022-20421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
    },
    {
      "name": "CVE-2021-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0593"
    },
    {
      "name": "CVE-2022-20498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20498"
    },
    {
      "name": "CVE-2021-0473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0473"
    },
    {
      "name": "CVE-2022-41328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41328"
    },
    {
      "name": "CVE-2022-42474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42474"
    },
    {
      "name": "CVE-2021-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0870"
    },
    {
      "name": "CVE-2020-0417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0417"
    },
    {
      "name": "CVE-2020-29660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29660"
    },
    {
      "name": "CVE-2021-0604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0604"
    },
    {
      "name": "CVE-2021-0522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0522"
    },
    {
      "name": "CVE-2021-39629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39629"
    },
    {
      "name": "CVE-2020-29661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
    },
    {
      "name": "CVE-2021-38204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38204"
    },
    {
      "name": "CVE-2022-20229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20229"
    },
    {
      "name": "CVE-2023-33306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33306"
    },
    {
      "name": "CVE-2022-39948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39948"
    },
    {
      "name": "CVE-2022-20423",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20423"
    },
    {
      "name": "CVE-2021-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
    },
    {
      "name": "CVE-2021-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0650"
    },
    {
      "name": "CVE-2021-0329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0329"
    },
    {
      "name": "CVE-2023-41675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41675"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-27997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27997"
    },
    {
      "name": "CVE-2023-29183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29183"
    },
    {
      "name": "CVE-2021-0471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0471"
    },
    {
      "name": "CVE-2023-29181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29181"
    },
    {
      "name": "CVE-2021-0963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0963"
    },
    {
      "name": "CVE-2021-0327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0327"
    },
    {
      "name": "CVE-2021-0653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0653"
    },
    {
      "name": "CVE-2021-0690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0690"
    },
    {
      "name": "CVE-2021-39634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39634"
    },
    {
      "name": "CVE-2021-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0596"
    },
    {
      "name": "CVE-2023-47537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47537"
    },
    {
      "name": "CVE-2023-28002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28002"
    },
    {
      "name": "CVE-2023-22641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22641"
    },
    {
      "name": "CVE-2021-0919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0919"
    },
    {
      "name": "CVE-2021-0968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0968"
    },
    {
      "name": "CVE-2022-20500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20500"
    },
    {
      "name": "CVE-2021-29647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29647"
    },
    {
      "name": "CVE-2021-0521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0521"
    },
    {
      "name": "CVE-2020-11301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11301"
    },
    {
      "name": "CVE-2021-0953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0953"
    },
    {
      "name": "CVE-2021-0926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0926"
    },
    {
      "name": "CVE-2021-0961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0961"
    },
    {
      "name": "CVE-2023-26207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26207"
    },
    {
      "name": "CVE-2020-23064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-23064"
    },
    {
      "name": "CVE-2021-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0652"
    },
    {
      "name": "CVE-2021-0339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0339"
    },
    {
      "name": "CVE-2021-39627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39627"
    },
    {
      "name": "CVE-2021-0437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0437"
    },
    {
      "name": "CVE-2023-29179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29179"
    },
    {
      "name": "CVE-2021-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0433"
    },
    {
      "name": "CVE-2024-22041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22041"
    },
    {
      "name": "CVE-2023-33305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33305"
    },
    {
      "name": "CVE-2022-20473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20473"
    },
    {
      "name": "CVE-2022-43947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43947"
    },
    {
      "name": "CVE-2023-41841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41841"
    },
    {
      "name": "CVE-2021-0333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0333"
    },
    {
      "name": "CVE-2022-20483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20483"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2024-22045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22045"
    },
    {
      "name": "CVE-2022-42476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42476"
    },
    {
      "name": "CVE-2023-49125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49125"
    },
    {
      "name": "CVE-2021-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
    },
    {
      "name": "CVE-2023-33301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33301"
    },
    {
      "name": "CVE-2021-0476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0476"
    },
    {
      "name": "CVE-2021-0507",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0507"
    },
    {
      "name": "CVE-2021-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
    },
    {
      "name": "CVE-2021-0444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0444"
    },
    {
      "name": "CVE-2021-0520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0520"
    },
    {
      "name": "CVE-2021-0586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0586"
    },
    {
      "name": "CVE-2021-39633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39633"
    },
    {
      "name": "CVE-2021-0587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0587"
    },
    {
      "name": "CVE-2021-0952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0952"
    },
    {
      "name": "CVE-2022-20476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20476"
    },
    {
      "name": "CVE-2020-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10768"
    },
    {
      "name": "CVE-2022-20472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20472"
    },
    {
      "name": "CVE-2021-0326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0326"
    },
    {
      "name": "CVE-2021-0929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0929"
    },
    {
      "name": "CVE-2022-20227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20227"
    },
    {
      "name": "CVE-2021-0336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0336"
    },
    {
      "name": "CVE-2023-44250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44250"
    },
    {
      "name": "CVE-2021-0506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0506"
    },
    {
      "name": "CVE-2021-0515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0515"
    },
    {
      "name": "CVE-2022-20355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20355"
    },
    {
      "name": "CVE-2021-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0330"
    },
    {
      "name": "CVE-2021-0688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0688"
    },
    {
      "name": "CVE-2021-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
    },
    {
      "name": "CVE-2024-21762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21762"
    },
    {
      "name": "CVE-2021-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0512"
    },
    {
      "name": "CVE-2023-29178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29178"
    },
    {
      "name": "CVE-2022-20130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20130"
    },
    {
      "name": "CVE-2021-0519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0519"
    },
    {
      "name": "CVE-2021-0516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0516"
    },
    {
      "name": "CVE-2021-39621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39621"
    },
    {
      "name": "CVE-2021-33909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
    },
    {
      "name": "CVE-2022-42469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42469"
    },
    {
      "name": "CVE-2021-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1972"
    },
    {
      "name": "CVE-2021-1976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1976"
    },
    {
      "name": "CVE-2022-41327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41327"
    },
    {
      "name": "CVE-2021-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0640"
    },
    {
      "name": "CVE-2020-14305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14305"
    },
    {
      "name": "CVE-2023-36555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36555"
    },
    {
      "name": "CVE-2022-20422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
    },
    {
      "name": "CVE-2022-20468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20468"
    },
    {
      "name": "CVE-2023-22640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22640"
    },
    {
      "name": "CVE-2021-0400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0400"
    },
    {
      "name": "CVE-2022-20469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20469"
    },
    {
      "name": "CVE-2020-26558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26558"
    },
    {
      "name": "CVE-2021-0706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0706"
    },
    {
      "name": "CVE-2021-0682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0682"
    },
    {
      "name": "CVE-2021-0480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0480"
    },
    {
      "name": "CVE-2021-0429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0429"
    },
    {
      "name": "CVE-2023-22639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22639"
    },
    {
      "name": "CVE-2021-0683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0683"
    },
    {
      "name": "CVE-2022-20411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20411"
    },
    {
      "name": "CVE-2022-43953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43953"
    },
    {
      "name": "CVE-2023-33307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33307"
    },
    {
      "name": "CVE-2021-0328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0328"
    },
    {
      "name": "CVE-2021-0684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0684"
    },
    {
      "name": "CVE-2022-20466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20466"
    },
    {
      "name": "CVE-2023-40718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40718"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2021-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0704"
    },
    {
      "name": "CVE-2022-20127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20127"
    },
    {
      "name": "CVE-2021-0436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0436"
    },
    {
      "name": "CVE-2021-0584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0584"
    },
    {
      "name": "CVE-2022-45861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45861"
    },
    {
      "name": "CVE-2021-0594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0594"
    },
    {
      "name": "CVE-2021-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0591"
    },
    {
      "name": "CVE-2021-0514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0514"
    },
    {
      "name": "CVE-2021-0511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0511"
    },
    {
      "name": "CVE-2021-0931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0931"
    },
    {
      "name": "CVE-2024-21483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21483"
    },
    {
      "name": "CVE-2020-15436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15436"
    },
    {
      "name": "CVE-2023-45793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45793"
    },
    {
      "name": "CVE-2021-0689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0689"
    },
    {
      "name": "CVE-2023-28001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28001"
    },
    {
      "name": "CVE-2021-0970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0970"
    },
    {
      "name": "CVE-2021-0337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0337"
    },
    {
      "name": "CVE-2022-32257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32257"
    },
    {
      "name": "CVE-2023-36639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36639"
    },
    {
      "name": "CVE-2021-39623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39623"
    },
    {
      "name": "CVE-2022-41330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41330"
    },
    {
      "name": "CVE-2021-0508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0508"
    },
    {
      "name": "CVE-2021-0325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0325"
    },
    {
      "name": "CVE-2021-0708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0708"
    },
    {
      "name": "CVE-2022-41334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41334"
    },
    {
      "name": "CVE-2024-23113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23113"
    },
    {
      "name": "CVE-2020-0338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0338"
    },
    {
      "name": "CVE-2020-26555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26555"
    },
    {
      "name": "CVE-2021-0302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0302"
    },
    {
      "name": "CVE-2021-0589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0589"
    },
    {
      "name": "CVE-2021-0305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0305"
    },
    {
      "name": "CVE-2023-33308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33308"
    },
    {
      "name": "CVE-2023-29175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29175"
    },
    {
      "name": "CVE-2021-0431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0431"
    },
    {
      "name": "CVE-2021-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
    },
    {
      "name": "CVE-2021-0474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0474"
    },
    {
      "name": "CVE-2021-0930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0930"
    },
    {
      "name": "CVE-2021-39626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39626"
    },
    {
      "name": "CVE-2021-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0967"
    },
    {
      "name": "CVE-2023-25610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25610"
    },
    {
      "name": "CVE-2023-37935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37935"
    },
    {
      "name": "CVE-2021-0695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0695"
    },
    {
      "name": "CVE-2024-22040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22040"
    },
    {
      "name": "CVE-2021-0965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0965"
    },
    {
      "name": "CVE-2021-0513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0513"
    },
    {
      "name": "CVE-2021-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0434"
    },
    {
      "name": "CVE-2021-0687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0687"
    },
    {
      "name": "CVE-2021-0481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0481"
    },
    {
      "name": "CVE-2021-0964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0964"
    },
    {
      "name": "CVE-2021-0641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0641"
    },
    {
      "name": "CVE-2021-0435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0435"
    },
    {
      "name": "CVE-2021-0334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0334"
    },
    {
      "name": "CVE-2021-0933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0933"
    },
    {
      "name": "CVE-2021-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
    },
    {
      "name": "CVE-2023-29180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29180"
    },
    {
      "name": "CVE-2021-0588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0588"
    },
    {
      "name": "CVE-2023-38545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38545"
    },
    {
      "name": "CVE-2024-22039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22039"
    },
    {
      "name": "CVE-2021-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
    },
    {
      "name": "CVE-2021-0510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0510"
    },
    {
      "name": "CVE-2021-0692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0692"
    },
    {
      "name": "CVE-2024-22044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22044"
    },
    {
      "name": "CVE-2020-14381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14381"
    }
  ],
  "initial_release_date": "2024-03-12T00:00:00",
  "last_revision_date": "2024-03-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0203",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-792319 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-792319.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-918992 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-918992.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-353002 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-353002.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-653855 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-225840 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-225840.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-145196 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-145196.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-382651 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-382651.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-832273 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-832273.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-366067 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-366067.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-770721 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-770721.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-576771 du 12 mars 2024",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-576771.html"
    }
  ]
}

CERTFR-2021-AVI-155

Vulnerability from certfr_avis - Published: 2021-03-02 - Updated: 2021-03-02

De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Google	Android	Google Android toutes versions sans le correctif du 01 mars 2021

References

Title

Publication Time

Tags

Bulletin de sécurité Pixel du 01 mars 2021	None	vendor-advisory
Bulletin de sécurité Android du 01 mars 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Android toutes versions sans le correctif du 01 mars 2021",
      "product": {
        "name": "Android",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11204"
    },
    {
      "name": "CVE-2021-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0397"
    },
    {
      "name": "CVE-2020-11309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11309"
    },
    {
      "name": "CVE-2017-14491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14491"
    },
    {
      "name": "CVE-2020-11195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11195"
    },
    {
      "name": "CVE-2021-0396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0396"
    },
    {
      "name": "CVE-2020-11228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11228"
    },
    {
      "name": "CVE-2020-11189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11189"
    },
    {
      "name": "CVE-2021-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0395"
    },
    {
      "name": "CVE-2020-11218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11218"
    },
    {
      "name": "CVE-2020-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11226"
    },
    {
      "name": "CVE-2020-11186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11186"
    },
    {
      "name": "CVE-2021-0398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0398"
    },
    {
      "name": "CVE-2021-0399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0399"
    },
    {
      "name": "CVE-2020-11188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11188"
    },
    {
      "name": "CVE-2021-0390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0390"
    },
    {
      "name": "CVE-2020-11220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11220"
    },
    {
      "name": "CVE-2020-11194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11194"
    },
    {
      "name": "CVE-2021-0393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0393"
    },
    {
      "name": "CVE-2020-11299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11299"
    },
    {
      "name": "CVE-2020-11223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11223"
    },
    {
      "name": "CVE-2020-11222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11222"
    },
    {
      "name": "CVE-2020-11192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11192"
    },
    {
      "name": "CVE-2020-11166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11166"
    },
    {
      "name": "CVE-2020-11199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11199"
    },
    {
      "name": "CVE-2020-11171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11171"
    },
    {
      "name": "CVE-2020-11190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11190"
    },
    {
      "name": "CVE-2020-11178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11178"
    },
    {
      "name": "CVE-2020-11290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11290"
    },
    {
      "name": "CVE-2020-11221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11221"
    },
    {
      "name": "CVE-2021-0392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0392"
    },
    {
      "name": "CVE-2020-11165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11165"
    },
    {
      "name": "CVE-2020-11198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11198"
    },
    {
      "name": "CVE-2021-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0394"
    },
    {
      "name": "CVE-2021-0391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0391"
    },
    {
      "name": "CVE-2020-11227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11227"
    },
    {
      "name": "CVE-2020-11308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11308"
    }
  ],
  "initial_release_date": "2021-03-02T00:00:00",
  "last_revision_date": "2021-03-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-155",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-03-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Pixel du 01 mars 2021",
      "url": "https://source.android.com/security/bulletin/pixel/2021-03-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 01 mars 2021",
      "url": "https://source.android.com/security/bulletin/2021-03-01"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-0399 (GCVE-0-2021-0399)

GHSA-HC9R-VRRG-QRWW

CVE-2021-0399

FKIE_CVE-2021-0399

CNVD-2021-26352

GSD-2021-0399

CERTFR-2024-AVI-0203

Solution

CERTFR-2021-AVI-155

Solution

Tags

Sightings

Nomenclature