Vulnerability-Lookup

CVE-2021-20269 (GCVE-0-2021-20269)

Vulnerability from cvelistv5 – Published: 2022-03-09 16:29 – Updated: 2024-08-03 17:37

Summary

A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.

Severity ?

No CVSS data available.

CWE

CWE-276

Assigner

redhat

References

URL

Tags

https://bugzilla.redhat.com/show_bug.cgi?id=1934261

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	kexec-tools	Affected: Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kexec-tools",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-276",
              "description": "CWE-276",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-09T16:29:47.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20269",
    "datePublished": "2022-03-09T16:29:47.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:23.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2023-AVI-0453

Vulnerability from certfr_avis - Published: 2023-06-13 - Updated: 2023-06-14

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SINAMICS GL150 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.3.x antérieures à 13.3.0.10
Siemens	N/A	SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05
Siemens	N/A	POWER METER SICAM Q200 family versions antérieures à 2.70
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions
Siemens	N/A	SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à 5.7
Siemens	N/A	SIMOTION C240 (6AU1240-1AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-1500 TM MFP - Linux Kernel
Siemens	N/A	SINAUT Software ST7sc toutes versions
Siemens	N/A	SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions
Siemens	N/A	Teamcenter Visualization versions 14.0.x antérieures à 14.0.0.6
Siemens	N/A	SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC NET PC Software V14 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.0 toutes versions
Siemens	N/A	SIMATIC PCS 7 V9.1 toutes versions
Siemens	N/A	SIMATIC S7-1500 TM MFP - BIOS
Siemens	N/A	SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SINAMICS SL150 versions antérieures à 7.2
Siemens	N/A	SINAMICS PERFECT HARMONY GH180 6SR5 versions antérieures à 7.2
Siemens	N/A	Teamcenter Visualization versions 13.2.x antérieures à 13.2.0.13
Siemens	N/A	SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions
Siemens	N/A	SIMATIC WinCC versions antérieures à 8.0
Siemens	N/A	Teamcenter Visualization versions 14.2.x antérieures à 14.2.0.3
Siemens	N/A	les contrôlleurs Desigo PX, se référer au bulletin ssa-824231 de l'éditeur pour la liste complète des versions affectées
Siemens	N/A	SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMATIC S7-PM toutes versions
Siemens	N/A	Solid Edge SE2023 versions antérieures à 223.0 Update 5
Siemens	N/A	JT2Go versions antérieures à 14.1.0.4
Siemens	N/A	SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions antérieures à 5.5 SP1
Siemens	N/A	Teamcenter Visualization versions 14.1.x antérieures à 14.1.0.8
Siemens	N/A	CP-8031 MASTER MODULE (6MF2803-1AA00) versions antérieures à CPCI85 V05
Siemens	N/A	Totally Integrated Automation Portal (TIA Portal) versions 14 à 18
Siemens	N/A	SIMATIC PCS 7 toutes versions
Siemens	N/A	SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions antérieures à 5.5 SP1

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-975766 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-042050 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-731916 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-914026 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-794697 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-538795 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-831302 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-482956 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-508677 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-968170 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-824231 du 24 janvier 2018	None	vendor-advisory
Bulletin de sécurité Siemens ssa-942865 du 13 juin 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-887249 du 13 juin 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SINAMICS GL150 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D425-2 DP (6AU1425-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q200 family versions ant\u00e9rieures \u00e0 2.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D410-2 DP (6AU1410-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 5.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION C240 (6AU1240-1AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 TM MFP - Linux Kernel",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT Software ST7sc toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4 E (6AU1320-4DE65-3AF0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION C240 PN (6AU1240-1AB00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 TM MFP - BIOS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D435-2 DP/PN (6AU1435-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS SL150 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS PERFECT HARMONY GH180 6SR5 versions ant\u00e9rieures \u00e0 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 13.2.x ant\u00e9rieures \u00e0 13.2.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D435-2 DP (6AU1435-2AA00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4 S (6AU1320-4DS66-3AG0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC versions ant\u00e9rieures \u00e0 8.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.2.x ant\u00e9rieures \u00e0 14.2.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "les contr\u00f4lleurs Desigo PX, se r\u00e9f\u00e9rer au bulletin ssa-824231 de l\u0027\u00e9diteur pour la liste compl\u00e8te des versions affect\u00e9es",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D445-2 DP/PN (6AU1445-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 223.0 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 14.1.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D455-2 DP/PN (6AU1455-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D410-2 DP/PN (6AU1410-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions 14.1.x ant\u00e9rieures \u00e0 14.1.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP-8031 MASTER MODULE (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Totally Integrated Automation Portal (TIA Portal) versions 14 \u00e0 18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION D425-2 DP/PN (6AU1425-2AD00-0AA0) versions ant\u00e9rieures \u00e0 5.5 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2021-42384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42384"
    },
    {
      "name": "CVE-2022-35252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2021-42378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42378"
    },
    {
      "name": "CVE-2022-39190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39190"
    },
    {
      "name": "CVE-2022-42720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
    },
    {
      "name": "CVE-2021-42382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42382"
    },
    {
      "name": "CVE-2022-47520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47520"
    },
    {
      "name": "CVE-2021-38604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38604"
    },
    {
      "name": "CVE-2022-21233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21233"
    },
    {
      "name": "CVE-2021-42376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42376"
    },
    {
      "name": "CVE-2022-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3633"
    },
    {
      "name": "CVE-2021-28831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28831"
    },
    {
      "name": "CVE-2023-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2020-29562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29562"
    },
    {
      "name": "CVE-2022-20421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20421"
    },
    {
      "name": "CVE-2022-32208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
    },
    {
      "name": "CVE-2018-4834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4834"
    },
    {
      "name": "CVE-2022-32296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
    },
    {
      "name": "CVE-2022-47929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
    },
    {
      "name": "CVE-2022-3628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
    },
    {
      "name": "CVE-2021-42373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42373"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2021-42377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42377"
    },
    {
      "name": "CVE-2022-42329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42329"
    },
    {
      "name": "CVE-2021-3998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3998"
    },
    {
      "name": "CVE-2023-23455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23455"
    },
    {
      "name": "CVE-2020-1752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1752"
    },
    {
      "name": "CVE-2022-42703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
    },
    {
      "name": "CVE-2022-47518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47518"
    },
    {
      "name": "CVE-2023-31238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-31238"
    },
    {
      "name": "CVE-2022-32207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2021-42386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42386"
    },
    {
      "name": "CVE-2022-42895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42895"
    },
    {
      "name": "CVE-2023-33919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33919"
    },
    {
      "name": "CVE-2022-43750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
    },
    {
      "name": "CVE-2022-21166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
    },
    {
      "name": "CVE-2022-3435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3435"
    },
    {
      "name": "CVE-2022-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3169"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2021-42380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42380"
    },
    {
      "name": "CVE-2023-33920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33920"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-4662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4662"
    },
    {
      "name": "CVE-2021-42374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42374"
    },
    {
      "name": "CVE-2023-33124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33124"
    },
    {
      "name": "CVE-2022-43545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43545"
    },
    {
      "name": "CVE-2022-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
    },
    {
      "name": "CVE-2022-3534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3534"
    },
    {
      "name": "CVE-2022-36280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36280"
    },
    {
      "name": "CVE-2022-4129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
    },
    {
      "name": "CVE-2022-41218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
    },
    {
      "name": "CVE-2023-26495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26495"
    },
    {
      "name": "CVE-2022-34918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34918"
    },
    {
      "name": "CVE-2022-20572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20572"
    },
    {
      "name": "CVE-2022-41849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41849"
    },
    {
      "name": "CVE-2022-42432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42432"
    },
    {
      "name": "CVE-2022-42896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
    },
    {
      "name": "CVE-2023-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0179"
    },
    {
      "name": "CVE-2022-47946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47946"
    },
    {
      "name": "CVE-2021-33655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
    },
    {
      "name": "CVE-2022-2602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2602"
    },
    {
      "name": "CVE-2022-1462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
    },
    {
      "name": "CVE-2023-25910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25910"
    },
    {
      "name": "CVE-2023-33921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33921"
    },
    {
      "name": "CVE-2022-4095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4095"
    },
    {
      "name": "CVE-2022-2585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2585"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2022-21125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
    },
    {
      "name": "CVE-2022-2078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
    },
    {
      "name": "CVE-2022-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
    },
    {
      "name": "CVE-2022-41222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
    },
    {
      "name": "CVE-2022-2663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-28391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28391"
    },
    {
      "name": "CVE-2023-26607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26607"
    },
    {
      "name": "CVE-2022-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3649"
    },
    {
      "name": "CVE-2022-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3545"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2022-42719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42719"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2021-42379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42379"
    },
    {
      "name": "CVE-2021-20269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
    },
    {
      "name": "CVE-2021-3999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3999"
    },
    {
      "name": "CVE-2021-3759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3759"
    },
    {
      "name": "CVE-2023-23559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23559"
    },
    {
      "name": "CVE-2022-3524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
    },
    {
      "name": "CVE-2022-32250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
    },
    {
      "name": "CVE-2022-2274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
    },
    {
      "name": "CVE-2018-13405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
    },
    {
      "name": "CVE-2022-39188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
    },
    {
      "name": "CVE-2021-42381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42381"
    },
    {
      "name": "CVE-2022-21505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21505"
    },
    {
      "name": "CVE-2022-36123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36123"
    },
    {
      "name": "CVE-2022-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3586"
    },
    {
      "name": "CVE-2021-4037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4037"
    },
    {
      "name": "CVE-2022-41850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41850"
    },
    {
      "name": "CVE-2022-2978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2978"
    },
    {
      "name": "CVE-2022-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3646"
    },
    {
      "name": "CVE-2022-3625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
    },
    {
      "name": "CVE-2022-42328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42328"
    },
    {
      "name": "CVE-2022-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3565"
    },
    {
      "name": "CVE-2023-33122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33122"
    },
    {
      "name": "CVE-2022-42721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
    },
    {
      "name": "CVE-2022-4378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
    },
    {
      "name": "CVE-2022-0547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0547"
    },
    {
      "name": "CVE-2022-21123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
    },
    {
      "name": "CVE-2022-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43398"
    },
    {
      "name": "CVE-2022-1012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1012"
    },
    {
      "name": "CVE-2022-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3115"
    },
    {
      "name": "CVE-2021-42383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42383"
    },
    {
      "name": "CVE-2023-1095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1095"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-0171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0171"
    },
    {
      "name": "CVE-2022-26373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26373"
    },
    {
      "name": "CVE-2022-2905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2905"
    },
    {
      "name": "CVE-2022-20422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20422"
    },
    {
      "name": "CVE-2023-0394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2022-3594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3594"
    },
    {
      "name": "CVE-2022-36946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
    },
    {
      "name": "CVE-2022-3303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3303"
    },
    {
      "name": "CVE-2016-10228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
    },
    {
      "name": "CVE-2021-42385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42385"
    },
    {
      "name": "CVE-2022-23308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
    },
    {
      "name": "CVE-2022-1679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
    },
    {
      "name": "CVE-2022-36879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36879"
    },
    {
      "name": "CVE-2022-23218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23218"
    },
    {
      "name": "CVE-2023-27465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27465"
    },
    {
      "name": "CVE-2022-3629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3629"
    },
    {
      "name": "CVE-2023-33121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33121"
    },
    {
      "name": "CVE-2022-2959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2959"
    },
    {
      "name": "CVE-2023-28829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28829"
    },
    {
      "name": "CVE-2022-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2023-1077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1077"
    },
    {
      "name": "CVE-2021-35942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35942"
    },
    {
      "name": "CVE-2023-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1073"
    },
    {
      "name": "CVE-2023-30757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30757"
    },
    {
      "name": "CVE-2021-33574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
    },
    {
      "name": "CVE-2022-42722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
    },
    {
      "name": "CVE-2021-3326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
    },
    {
      "name": "CVE-2022-20566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-20566"
    },
    {
      "name": "CVE-2022-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2327"
    },
    {
      "name": "CVE-2022-1199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1199"
    },
    {
      "name": "CVE-2022-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3621"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-3606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3606"
    },
    {
      "name": "CVE-2022-1852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1852"
    },
    {
      "name": "CVE-2021-27645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27645"
    },
    {
      "name": "CVE-2022-40768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40768"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2022-3521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3521"
    },
    {
      "name": "CVE-2022-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3104"
    },
    {
      "name": "CVE-2021-42375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42375"
    },
    {
      "name": "CVE-2022-2503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2503"
    },
    {
      "name": "CVE-2022-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
    },
    {
      "name": "CVE-2023-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0590"
    },
    {
      "name": "CVE-2023-30897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30897"
    },
    {
      "name": "CVE-2022-40307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40307"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2022-23219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-41674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
    },
    {
      "name": "CVE-2022-1882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1882"
    },
    {
      "name": "CVE-2022-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3635"
    },
    {
      "name": "CVE-2022-43439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43439"
    },
    {
      "name": "CVE-2023-33123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33123"
    },
    {
      "name": "CVE-2023-30901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30901"
    },
    {
      "name": "CVE-2022-43546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43546"
    },
    {
      "name": "CVE-2022-2153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2153"
    }
  ],
  "initial_release_date": "2023-06-13T00:00:00",
  "last_revision_date": "2023-06-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0453",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-06-13T00:00:00.000000"
    },
    {
      "description": "Modification de la date du bulletin de s\u00e9curit\u00e9 ssa-824231.",
      "revision_date": "2023-06-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-975766 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-975766.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-042050 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-042050.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-731916 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-731916.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-914026 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-914026.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-794697 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-794697.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-538795 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-538795.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-831302 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-831302.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482956 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-482956.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-508677 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-508677.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-968170 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-968170.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-824231 du 24 janvier 2018",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-824231.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-942865 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-942865.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-887249 du 13 juin 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-887249.html"
    }
  ]
}

CERTFR-2022-AVI-591

Vulnerability from certfr_avis - Published: 2022-06-30 - Updated: 2022-06-30

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Plus versions antérieures à 10.1.11
IBM	Spectrum	IBM Spectrum Protect Client versions antérieures à 8.1.1.15
IBM	N/A	IBM® Db2® et Db2 Warehouse® sur Cloud Pak for Data versions antérieures à 4.5.0
IBM	Db2	IBM® Db2® sur Openshift versions antérieures à 11.5.7.0-cn5

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6596399 du 29 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6596971 du 29 juin 2022	None	vendor-advisory
Bulletin de sécurité IBM 6599703 du 29 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Plus versions ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Client versions ant\u00e9rieures \u00e0 8.1.1.15",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM\u00ae Db2\u00ae et Db2 Warehouse\u00ae sur Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM\u00ae Db2\u00ae sur Openshift versions ant\u00e9rieures \u00e0 11.5.7.0-cn5",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-29368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29368"
    },
    {
      "name": "CVE-2021-20322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20322"
    },
    {
      "name": "CVE-2018-1099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1099"
    },
    {
      "name": "CVE-2021-4154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4154"
    },
    {
      "name": "CVE-2021-45485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45485"
    },
    {
      "name": "CVE-2022-27191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27191"
    },
    {
      "name": "CVE-2021-30465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
    },
    {
      "name": "CVE-2019-11249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11249"
    },
    {
      "name": "CVE-2020-8557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8557"
    },
    {
      "name": "CVE-2020-7919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7919"
    },
    {
      "name": "CVE-2019-11247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11247"
    },
    {
      "name": "CVE-2020-28851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28851"
    },
    {
      "name": "CVE-2021-42248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42248"
    },
    {
      "name": "CVE-2018-1002105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105"
    },
    {
      "name": "CVE-2021-31525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525"
    },
    {
      "name": "CVE-2020-15112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15112"
    },
    {
      "name": "CVE-2021-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4203"
    },
    {
      "name": "CVE-2021-25736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25736"
    },
    {
      "name": "CVE-2020-27813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27813"
    },
    {
      "name": "CVE-2018-17848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17848"
    },
    {
      "name": "CVE-2019-16884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16884"
    },
    {
      "name": "CVE-2021-41864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41864"
    },
    {
      "name": "CVE-2020-36385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
    },
    {
      "name": "CVE-2020-25704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
    },
    {
      "name": "CVE-2021-25735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25735"
    },
    {
      "name": "CVE-2017-18367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18367"
    },
    {
      "name": "CVE-2020-8564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8564"
    },
    {
      "name": "CVE-2021-20206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20206"
    },
    {
      "name": "CVE-2019-11246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11246"
    },
    {
      "name": "CVE-2021-31916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31916"
    },
    {
      "name": "CVE-2020-8565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8565"
    },
    {
      "name": "CVE-2021-27918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27918"
    },
    {
      "name": "CVE-2021-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3635"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2018-1098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1098"
    },
    {
      "name": "CVE-2021-28971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28971"
    },
    {
      "name": "CVE-2019-11254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11254"
    },
    {
      "name": "CVE-2022-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0286"
    },
    {
      "name": "CVE-2021-4002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4002"
    },
    {
      "name": "CVE-2021-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
    },
    {
      "name": "CVE-2021-45486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45486"
    },
    {
      "name": "CVE-2020-8551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8551"
    },
    {
      "name": "CVE-2017-1002101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1002101"
    },
    {
      "name": "CVE-2021-4157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4157"
    },
    {
      "name": "CVE-2020-15106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15106"
    },
    {
      "name": "CVE-2021-43784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43784"
    },
    {
      "name": "CVE-2021-20321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20321"
    },
    {
      "name": "CVE-2018-17142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17142"
    },
    {
      "name": "CVE-2022-0185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2021-41190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41190"
    },
    {
      "name": "CVE-2021-44733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44733"
    },
    {
      "name": "CVE-2020-8552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8552"
    },
    {
      "name": "CVE-2021-20269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20269"
    },
    {
      "name": "CVE-2020-8554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8554"
    },
    {
      "name": "CVE-2019-11252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11252"
    },
    {
      "name": "CVE-2021-3121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3121"
    },
    {
      "name": "CVE-2019-11250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11250"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2022-1011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1011"
    },
    {
      "name": "CVE-2021-3669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3669"
    },
    {
      "name": "CVE-2020-8559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8559"
    },
    {
      "name": "CVE-2020-10752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10752"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2020-28852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28852"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2020-15113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15113"
    },
    {
      "name": "CVE-2020-29652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29652"
    },
    {
      "name": "CVE-2018-17847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17847"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2020-26160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26160"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-42836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42836"
    },
    {
      "name": "CVE-2020-8555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8555"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2018-17143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17143"
    },
    {
      "name": "CVE-2019-11841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11841"
    },
    {
      "name": "CVE-2018-20699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20699"
    },
    {
      "name": "CVE-2021-33194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33194"
    },
    {
      "name": "CVE-2020-14040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14040"
    },
    {
      "name": "CVE-2021-3764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3764"
    },
    {
      "name": "CVE-2019-1002101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1002101"
    },
    {
      "name": "CVE-2021-38201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-38201"
    },
    {
      "name": "CVE-2021-21781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21781"
    },
    {
      "name": "CVE-2022-0850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0850"
    },
    {
      "name": "CVE-2021-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3538"
    },
    {
      "name": "CVE-2019-11253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
    },
    {
      "name": "CVE-2021-25737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25737"
    },
    {
      "name": "CVE-2018-17846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17846"
    },
    {
      "name": "CVE-2021-4028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
    },
    {
      "name": "CVE-2021-43565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43565"
    },
    {
      "name": "CVE-2021-25741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25741"
    },
    {
      "name": "CVE-2018-16886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16886"
    },
    {
      "name": "CVE-2021-44907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44907"
    },
    {
      "name": "CVE-2021-4197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4197"
    },
    {
      "name": "CVE-2020-9283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9283"
    },
    {
      "name": "CVE-2019-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11840"
    },
    {
      "name": "CVE-2019-11251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11251"
    },
    {
      "name": "CVE-2020-36067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36067"
    }
  ],
  "initial_release_date": "2022-06-30T00:00:00",
  "last_revision_date": "2022-06-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-591",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596399 du 29 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596399"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6596971 du 29 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6596971"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6599703 du 29 juin 2022",
      "url": "https://www.ibm.com/support/pages/node/6599703"
    }
  ]
}

GHSA-55H9-M2G5-R4XM

Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-17 00:02

Details

Severity ?

6.2 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20269"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-10T17:41:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.",
  "id": "GHSA-55h9-m2g5-r4xm",
  "modified": "2022-03-17T00:02:04Z",
  "published": "2022-03-11T00:02:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20269"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:4404"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-20269"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-20269

Vulnerability from fkie_nvd - Published: 2022-03-10 17:41 - Updated: 2024-11-21 05:46

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1934261	Issue Tracking, Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1934261	Issue Tracking, Third Party Advisory

Impacted products

Vendor	Product	Version
kexec-tools_project	kexec-tools	*
fedoraproject	fedora	-
kexec-tools_project	kexec-tools	*
redhat	enterprise_linux	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1922DFF4-341A-4C43-B3CE-6D76A77BCE28",
              "versionEndExcluding": "2.0.21-8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FEADDA-2AEE-4F65-9401-971B585664A8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "803FD25F-B044-4A48-8C33-A9D9A472112B",
              "versionEndExcluding": "2.0.20-47",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7347E2-C2A4-4230-A1BC-F6FE93943D4F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado un fallo en los permisos de un archivo de registro creado por kexec-tools. Este fallo permite a un usuario local no privilegiado leer este archivo y filtrar informaci\u00f3n interna del kernel de un p\u00e1nico anterior. La mayor amenaza de esta vulnerabilidad es la confidencialidad. Este fallo afecta a kexec-tools distribuido por Fedora versiones anteriores a 2.0.21-8 y versiones de RHEL anteriores a 2.0.20-47"
    }
  ],
  "id": "CVE-2021-20269",
  "lastModified": "2024-11-21T05:46:14.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-10T17:41:27.460",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-276"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GSD-2021-20269

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-20269

Aliases

CVE-2021-20269

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20269",
    "description": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.",
    "id": "GSD-2021-20269",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-20269.html",
      "https://access.redhat.com/errata/RHSA-2021:4404",
      "https://security.archlinux.org/CVE-2021-20269",
      "https://linux.oracle.com/cve/CVE-2021-20269.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20269"
      ],
      "details": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.",
      "id": "GSD-2021-20269",
      "modified": "2023-12-13T01:23:12.678839Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-20269",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "kexec-tools",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "Fedora kexec-tools versions prior to 2.0.21-8 and RHEL kexec-tools versions prior to 2.0.20-47"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-276",
                "lang": "eng",
                "value": "CWE-276"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.21-8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:kexec-tools_project:kexec-tools:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "2.0.20-47",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20269"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-276"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934261"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-12T22:15Z",
      "publishedDate": "2022-03-10T17:41Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20269 (GCVE-0-2021-20269)

CERTFR-2023-AVI-0453

Solution

CERTFR-2022-AVI-591

Solution

GHSA-55H9-M2G5-R4XM

FKIE_CVE-2021-20269

GSD-2021-20269

Tags

Sightings

Nomenclature