Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-44790 (GCVE-0-2021-44790)
Vulnerability from cvelistv5 – Published: 2021-12-20 00:00 – Updated: 2024-08-04 04:32
VLAI?
EPSS
Title
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
Summary
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Severity ?
No CVSS data available.
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache HTTP Server |
Affected:
Apache HTTP Server 2.4 , ≤ 2.4.51
(custom)
|
Credits
Chamal
Anonymous working with Trend Micro Zero Day Initiative
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:32:13.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"name": "FEDORA-2021-29a536c2ae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"name": "DSA-5035",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"name": "FEDORA-2022-b4103753e9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "FEDORA-2022-21264ec6db",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache HTTP Server",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThanOrEqual": "2.4.51",
"status": "affected",
"version": "Apache HTTP Server 2.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Chamal"
},
{
"lang": "en",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier."
}
],
"metrics": [
{
"other": {
"content": {
"other": "high"
},
"type": "unknown"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-03T00:00:00.000Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"name": "FEDORA-2021-29a536c2ae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"name": "DSA-5035",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"name": "FEDORA-2022-b4103753e9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "FEDORA-2022-21264ec6db",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://support.apple.com/kb/HT213257"
},
{
"url": "https://support.apple.com/kb/HT213256"
},
{
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "GLSA-202208-20",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "en",
"time": "2021-12-07T00:00:00.000Z",
"value": "Reported to security team"
},
{
"lang": "en",
"time": "2021-12-16T00:00:00.000Z",
"value": "Fixed by r1896039 in 2.4.x"
}
],
"title": "Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-44790",
"datePublished": "2021-12-20T00:00:00.000Z",
"dateReserved": "2021-12-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T04:32:13.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2021-44790
Vulnerability from fkie_nvd - Published: 2021-12-20 12:15 - Updated: 2025-05-01 15:38
Severity ?
Summary
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
References
| URL | Tags | ||
|---|---|---|---|
| security@apache.org | http://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| security@apache.org | http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html | Exploit | |
| security@apache.org | http://seclists.org/fulldisclosure/2022/May/33 | Mailing List, Third Party Advisory | |
| security@apache.org | http://seclists.org/fulldisclosure/2022/May/35 | Mailing List, Third Party Advisory | |
| security@apache.org | http://seclists.org/fulldisclosure/2022/May/38 | Mailing List, Third Party Advisory | |
| security@apache.org | http://www.openwall.com/lists/oss-security/2021/12/20/4 | Mailing List, Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ | Third Party Advisory | |
| security@apache.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ | Third Party Advisory | |
| security@apache.org | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| security@apache.org | https://security.netapp.com/advisory/ntap-20211224-0001/ | Third Party Advisory | |
| security@apache.org | https://support.apple.com/kb/HT213255 | Third Party Advisory | |
| security@apache.org | https://support.apple.com/kb/HT213256 | Third Party Advisory | |
| security@apache.org | https://support.apple.com/kb/HT213257 | Third Party Advisory | |
| security@apache.org | https://www.debian.org/security/2022/dsa-5035 | Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2022-01 | Third Party Advisory | |
| security@apache.org | https://www.tenable.com/security/tns-2022-03 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/May/33 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/May/35 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2022/May/38 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2021/12/20/4 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202208-20 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211224-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213255 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213256 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT213257 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2022/dsa-5035 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-01 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/tns-2022-03 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| tenable | tenable.sc | * | |
| netapp | cloud_backup | - | |
| oracle | communications_element_manager | * | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_operations_monitor | 5.0 | |
| oracle | communications_session_report_manager | * | |
| oracle | communications_session_route_manager | * | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | http_server | 12.2.1.4.0 | |
| oracle | instantis_enterprisetrack | 17.1 | |
| oracle | instantis_enterprisetrack | 17.2 | |
| oracle | instantis_enterprisetrack | 17.3 | |
| oracle | zfs_storage_appliance_kit | 8.8 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | mac_os_x | 10.15.7 | |
| apple | macos | * | |
| apple | macos | * | |
| apple | macos | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03FD29A5-886E-4561-97D0-2267DA27A47D",
"versionEndExcluding": "2.4.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A939B08-CFD8-44D6-B06A-71819E7EFF21",
"versionEndExcluding": "5.20.0",
"versionStartIncluding": "5.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F2AD8797-A70D-4FC7-8A7B-1EF9F43AB4DF",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "676F28B8-F780-4441-8062-53E1D69200DF",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D164570-BB85-4090-B3C6-2CAB324BDAD6",
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
"matchCriteriaId": "D337EE21-2F00-484D-9285-F2B0248D7A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"matchCriteriaId": "012052B5-9AA7-4FD3-9C80-5F615330039D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"matchCriteriaId": "50F21A3C-0AC3-48C5-A4F8-5A7B478875B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"matchCriteriaId": "8E974DC6-F7D9-4389-9AF9-863F6E419CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"matchCriteriaId": "156A6382-2BD3-4882-90B2-8E7CF6659E17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"matchCriteriaId": "20A2FDB2-6712-406A-9896-C0B44508B07D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
"matchCriteriaId": "49F537A0-DC42-4176-B22F-C80D179DD99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD2A211-4E62-40BF-9BA0-5239FA6F0AF8",
"versionEndExcluding": "10.15.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09A6345C-D813-43BA-B12E-789C80653F86",
"versionEndExcluding": "11.6.6",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "35154201-43EA-4C22-B0BA-D1A24C46D320",
"versionEndExcluding": "12.4",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier."
},
{
"lang": "es",
"value": "Un cuerpo de petici\u00f3n cuidadosamente dise\u00f1ado puede causar un desbordamiento de b\u00fafer en el analizador multiparte mod_lua (r:parsebody() llamado desde scripts Lua). El equipo de Apache httpd no presenta constancia de que se presente una explotaci\u00f3n para esta vulnerabilidad, aunque podr\u00eda ser posible dise\u00f1ar uno. Este problema afecta a Apache HTTP Server versiones 2.4.51 y anteriores"
}
],
"id": "CVE-2021-44790",
"lastModified": "2025-05-01T15:38:06.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-20T12:15:07.440",
"references": [
{
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "security@apache.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"source": "security@apache.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-03"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
CERTFR-2024-AVI-0027
Vulnerability from certfr_avis - Published: 2024-01-11 - Updated: 2024-01-11
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | CTPView versions versions antérieures à 9.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved version antérieures à 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO | ||
| Juniper Networks | N/A | Paragon Active Assurance versions antérieures à 3.1.2, 3.2.3, 3.3.2 et 3.4.1 | ||
| Juniper Networks | Junos OS | Junos OS version antérieures à 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1 | ||
| Juniper Networks | Session Smart Router | Session Smart Router versions antérieures à SSR-6.2.3-r2 | ||
| Juniper Networks | N/A | Security Director Insights versions antérieures à 23.1R1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "CTPView versions versions ant\u00e9rieures \u00e0 9.1R5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved version ant\u00e9rieures \u00e0 20.4R2-EVO, 20.4R2-S2-EVO, 20.4R3-EVO, 20.4R3-S7-EVO, 21.1R2-EVO, 21.2R2-EVO, 21.2R3-S7-EVO, 21.3R2-EVO, 21.3R3-S5-EVO, 21.4R3-EVO, 21.4R3-S3-EVO, 21.4R3-S5-EVO, 21.4R3-S6-EVO, 22.1R3-EVO, 22.1R3-S2-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R2-S1-EVO, 22.2R2-S2-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.3R1-EVO, 22.3R2-EVO, 22.3R3-EVO, 22.3R3-S1-EVO, 22.4R1-EVO, 22.4R2-EVO, 22.4R2-S2-EVO, 22.4R3-EVO, 23.1R2-EVO, 23.2R1-EVO, 23.2R1-S1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.3R1-EVO et 23.4R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions ant\u00e9rieures \u00e0 3.1.2, 3.2.3, 3.3.2 et 3.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS version ant\u00e9rieures \u00e0 20.4R3-S3, 20.4R3-S6, 20.4R3-S7, 20.4R3-S8, 20.4R3-S9, 21.1R3-S4, 21.1R3-S5, 21.2R3, 21.2R3-S3, 21.2R3-S4, 21.2R3-S5, 21.2R3-S6, 21.2R3-S7, 21.3R2-S1, 21.3R3, 21.3R3-S3, 21.3R3-S4, 21.3R3-S5, 21.4R2, 21.4R3, 21.4R3-S3, 21.4R3-S4, 21.4R3-S5, 22.1R2, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.1R3-S2, 22.1R3-S3, 22.1R3-S4, 22.2R1, 22.2R2, 22.2R2-S1, 22.2R2-S2, 22.2R3, 22.2R3-S1, 22.2R3-S2, 22.2R3-S3, 22.3R1, 22.3R2, 22.3R2-S1, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.4R1, 22.4R1-S2, 22.4R2, 22.4R2-S1, 22.4R2-S2, 22.4R3, 23.1R1, 23.1R2, 23.2R1, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.3R1 et 23.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-6.2.3-r2",
"product": {
"name": "Session Smart Router",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Insights versions ant\u00e9rieures \u00e0 23.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3707"
},
{
"name": "CVE-2024-21602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21602"
},
{
"name": "CVE-2022-41974",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41974"
},
{
"name": "CVE-2023-38802",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38802"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-42720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42720"
},
{
"name": "CVE-2022-30594",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30594"
},
{
"name": "CVE-2022-41973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41973"
},
{
"name": "CVE-2023-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0461"
},
{
"name": "CVE-2024-21616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21616"
},
{
"name": "CVE-2021-25220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2023-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23454"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2022-2964",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-1281",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1281"
},
{
"name": "CVE-2024-21599",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21599"
},
{
"name": "CVE-2022-47929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47929"
},
{
"name": "CVE-2022-3628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3628"
},
{
"name": "CVE-2024-21614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21614"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-26464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26464"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2022-42703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42703"
},
{
"name": "CVE-2024-21607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21607"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2022-39189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39189"
},
{
"name": "CVE-2022-3239",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3239"
},
{
"name": "CVE-2022-43750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43750"
},
{
"name": "CVE-2022-3567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3567"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-20569",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20569"
},
{
"name": "CVE-2024-21596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21596"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2021-33656",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33656"
},
{
"name": "CVE-2023-1582",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1582"
},
{
"name": "CVE-2022-4129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4129"
},
{
"name": "CVE-2022-41218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41218"
},
{
"name": "CVE-2023-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2194"
},
{
"name": "CVE-2024-21604",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21604"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2020-9493",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9493"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-2196",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2196"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2022-42896",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42896"
},
{
"name": "CVE-2022-21699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21699"
},
{
"name": "CVE-2024-21600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21600"
},
{
"name": "CVE-2021-33655",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33655"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-1462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1462"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-21606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21606"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2022-41222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41222"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2663"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21591",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21591"
},
{
"name": "CVE-2020-12321",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
},
{
"name": "CVE-2022-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23307"
},
{
"name": "CVE-2022-3524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3524"
},
{
"name": "CVE-2022-39188",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39188"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2022-2795",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2795"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2022-43945",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
},
{
"name": "CVE-2022-3625",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3625"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-21587",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21587"
},
{
"name": "CVE-2022-42721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42721"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2022-4254",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4254"
},
{
"name": "CVE-2024-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21617"
},
{
"name": "CVE-2023-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1195"
},
{
"name": "CVE-2024-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21589"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2023-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
},
{
"name": "CVE-2022-20141",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-20141"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2024-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21595"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2023-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0394"
},
{
"name": "CVE-2022-22164",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22164"
},
{
"name": "CVE-2024-21597",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21597"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2021-26341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26341"
},
{
"name": "CVE-2022-38023",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38023"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2022-1679",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1679"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2022-3619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3619"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2023-1829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1829"
},
{
"name": "CVE-2022-25265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25265"
},
{
"name": "CVE-2022-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1789"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2022-3623",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3623"
},
{
"name": "CVE-2024-21611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21611"
},
{
"name": "CVE-2024-21613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21613"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2024-21612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21612"
},
{
"name": "CVE-2022-42722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42722"
},
{
"name": "CVE-2024-21603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21603"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-21585",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21585"
},
{
"name": "CVE-2022-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23302"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2023-36842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36842"
},
{
"name": "CVE-2022-4139",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
},
{
"name": "CVE-2024-21594",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21594"
},
{
"name": "CVE-2022-3028",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3028"
},
{
"name": "CVE-2022-3566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3566"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-41674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41674"
},
{
"name": "CVE-2024-21601",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21601"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
}
],
"initial_release_date": "2024-01-11T00:00:00",
"last_revision_date": "2024-01-11T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0027",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75723 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-rpd-process-crash-due-to-BGP-flap-on-NSR-enabled-devices-CVE-2024-21585"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75741 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-PTX-Series-In-an-FTI-scenario-MPLS-packets-hitting-reject-next-hop-will-cause-a-host-path-wedge-condition-CVE-2024-21600"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75752 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-jflow-scenario-continuous-route-churn-will-cause-a-memory-leak-and-eventually-an-rpd-crash-CVE-2024-21611"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75757 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Processing-of-a-specific-SIP-packet-causes-NAT-IP-allocation-to-fail-CVE-2024-21616"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75730 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-jdhcpd-will-hang-on-receiving-a-specific-DHCP-packet-CVE-2023-36842"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75734 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-EX4100-EX4400-EX4600-and-QFX5000-Series-A-high-rate-of-specific-ICMP-traffic-will-cause-the-PFE-to-hang-CVE-2024-21595"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75737 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Security-Director-Insights-Multiple-vulnerabilities-in-SDI"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75721 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-IPython-privilege-escalation-vulnerability-CVE-2022-21699"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75736 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-CTPView-Multiple-vulnerabilities-in-CTPView-CVE-yyyy-nnnn"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75747 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-flowd-will-crash-when-tcp-encap-is-enabled-and-specific-packets-are-received-CVE-2024-21606"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75758 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-BGP-flap-on-NSR-enabled-devices-causes-memory-leak-CVE-2024-21617"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11272 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2022-01-Security-Bulletin-Junos-OS-Evolved-Telnet-service-may-be-enabled-when-it-is-expected-to-be-disabled-CVE-2022-22164"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75727 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-CVE-2024-21589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75233 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75754 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-link-flap-causes-patroot-memory-leak-which-leads-to-rpd-crash-CVE-2024-21613"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75753 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-Specific-TCP-traffic-causes-OFP-core-and-restart-of-RE-CVE-2024-21612"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75742 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-Due-to-an-error-in-processing-TCP-events-flowd-will-crash-CVE-2024-21601"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75740 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-MPC3E-memory-leak-with-PTP-configuration-CVE-2024-21599"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75748 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-and-EX9200-Series-If-the-tcp-reset-option-used-in-an-IPv6-filter-matched-packets-are-accepted-instead-of-rejected-CVE-2024-21607"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75744 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-Gathering-statistics-in-a-scaled-SCU-DCU-configuration-will-lead-to-a-device-crash-CVE-2024-21603"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75743 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7100-32C-and-ACX7100-48L-Traffic-stops-when-a-specific-IPv4-UDP-packet-is-received-by-the-RE-CVE-2024-21602"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75738 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-MX-Series-In-an-AF-scenario-traffic-can-bypass-configured-lo0-firewall-filters-CVE-2024-21597"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75733 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Repeated-execution-of-a-specific-CLI-command-causes-a-flowd-crash-CVE-2024-21594"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75725 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Memory-leak-in-bbe-smgd-process-if-BFD-liveness-detection-for-DHCP-subscribers-is-enabled-CVE-2024-21587"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75755 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-query-via-DREND-causes-rpd-crash-CVE-2024-21614"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75735 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-specific-BGP-UPDATE-message-will-cause-a-crash-in-the-backup-Routing-Engine-CVE-2024-21596"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75745 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-traffic-will-cause-a-complete-system-outage-CVE-2024-21604"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA75729 du 10 janvier 2024",
"url": "https://supportportal.juniper.net/s/article/2024-01-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Security-Vulnerability-in-J-web-allows-a-preAuth-Remote-Code-Execution-CVE-2024-21591"
}
]
}
CERTFR-2022-AVI-006
Vulnerability from certfr_avis - Published: 2022-01-06 - Updated: 2022-01-06
De multiples vulnérabilités ont été découvertes dans les produits Tenable. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | N/A | Tenable.sc versions antérieures à 5.20.0 | ||
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.0.0 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.20.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
},
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.0.0",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-0130",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0130"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
}
],
"initial_release_date": "2022-01-06T00:00:00",
"last_revision_date": "2022-01-06T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-006",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nTenable. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-01 du 05 janvier 2022",
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-02 du 05 janvier 2022",
"url": "https://www.tenable.com/security/tns-2022-02"
}
]
}
CERTFR-2022-AVI-467
Vulnerability from certfr_avis - Published: 2022-05-17 - Updated: 2022-05-17
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | N/A | SUSE Linux Enterprise High Availability 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Live Patching 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Basesystem 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise High Availability 12-SP5 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Development Tools 15-SP3 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.2 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time Extension 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Realtime 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.2 | ||
| SUSE | N/A | SUSE Linux Enterprise Software Development Kit 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.1 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Public Cloud 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 15-SP3 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12-SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Module for Legacy Software 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15-SP3 | ||
| SUSE | SUSE Linux Enterprise Desktop | SUSE Linux Enterprise Desktop 12-SP5 | ||
| SUSE | N/A | SUSE Linux Enterprise Realtime Extension 15-SP3 | ||
| SUSE | N/A | SUSE Linux Enterprise Workstation Extension 12-SP5 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Availability 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Live Patching 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Basesystem 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Development Tools 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time Extension 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Realtime 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Software Development Kit 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Public Cloud 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15-SP3",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12-SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Module for Legacy Software 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15-SP3",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Desktop 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Desktop",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Realtime Extension 15-SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Workstation Extension 12-SP5",
"product": {
"name": "N/A",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-467",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de\nSUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221686-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221686-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221669-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221669-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221668-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221668-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221687-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221687-1/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SUSE suse-su-20221676-1 du 16 mai 2022",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221676-1/"
}
]
}
CERTFR-2023-AVI-0051
Vulnerability from certfr_avis - Published: 2023-01-23 - Updated: 2023-01-23
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | NorthStar Controller versions antérieures à 6.2.3 | ||
| Juniper Networks | N/A | Contrail Cloud versions antérieures à 13.7.0 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration (CSO) versions antérieures à 6.3.0 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.3R1 | ||
| Juniper Networks | N/A | Cloud Native Contrail Networking versions antérieures à R22.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
},
{
"name": "CVE-2020-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2023-22393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-22407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
},
{
"name": "CVE-2020-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
},
{
"name": "CVE-2020-14562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-22405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-22409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2023-22416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2018-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2023-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2023-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2023-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2020-8698",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2023-22399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2023-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2023-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2023-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2020-24489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
},
{
"name": "CVE-2023-22417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-14573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2020-35498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
},
{
"name": "CVE-2023-22406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2023-22391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-22412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-22415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2007-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2023-22410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2023-22408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-21549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2023-22414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-22411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2022-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-22413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
},
{
"name": "CVE-2023-22395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
},
{
"name": "CVE-2021-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
}
],
"initial_release_date": "2023-01-23T00:00:00",
"last_revision_date": "2023-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
}
]
}
CERTFR-2021-AVI-972
Vulnerability from certfr_avis - Published: 2021-12-21 - Updated: 2021-12-21
De multiples vulnérabilités ont été découvertes dans Apache httpd. Elles permettent à un attaquant de provoquer un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apache httpd versions ant\u00e9rieures \u00e0 2.4.52",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
}
],
"initial_release_date": "2021-12-21T00:00:00",
"last_revision_date": "2021-12-21T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-972",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apache httpd. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apache httpd",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache 2.4.52 du 20 d\u00e9cembre 2021",
"url": "https://downloads.apache.org/httpd/CHANGES_2.4.52"
}
]
}
CERTFR-2022-AVI-192
Vulnerability from certfr_avis - Published: 2022-03-01 - Updated: 2022-03-01
De multiples vulnérabilités ont été découvertes dans IBM QRadar SIEM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar SIEM | IBM QRadar SIEM version 7.5.0 GA sans le correctif de sécurité Update Pack 1 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.4.3 GA antérieures à 7.4.3 Fix Pack 4 Interim Fix 04 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions 7.3.3 GA antérieures à 7.3.3 Fix Pack 10 Interim Fix 02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM QRadar SIEM version 7.5.0 GA sans le correctif de s\u00e9curit\u00e9 Update Pack 1",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.4.3 GA ant\u00e9rieures \u00e0 7.4.3 Fix Pack 4 Interim Fix 04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions 7.3.3 GA ant\u00e9rieures \u00e0 7.3.3 Fix Pack 10 Interim Fix 02",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
}
],
"initial_release_date": "2022-03-01T00:00:00",
"last_revision_date": "2022-03-01T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-192",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-01T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM QRadar SIEM.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM QRadar SIEM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6560142 du 28 f\u00e9vrier 2022",
"url": "https://www.ibm.com/support/pages/node/6560142"
}
]
}
CERTFR-2022-AVI-466
Vulnerability from certfr_avis - Published: 2022-05-17 - Updated: 2022-05-17
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | Apple iOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Monterey versions antérieures à 12.4 | ||
| Apple | N/A | Apple tvOS versions antérieures à 15.5 | ||
| Apple | Safari | Apple Safari versions antérieures à 15.5 | ||
| Apple | N/A | Apple watchOS versions antérieures à 8.6 | ||
| Apple | N/A | Apple Xcode versions antérieures à 13.4 | ||
| Apple | macOS | Apple macOS Catalina versions antérieures à 2022-004 | ||
| Apple | N/A | Apple iPadOS versions antérieures à 15.5 | ||
| Apple | macOS | Apple macOS Big Sur versions antérieures à 11.6.6 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Apple iOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Monterey versions ant\u00e9rieures \u00e0 12.4",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple tvOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Safari versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple watchOS versions ant\u00e9rieures \u00e0 8.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple Xcode versions ant\u00e9rieures \u00e0 13.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Catalina versions ant\u00e9rieures \u00e0 2022-004",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple iPadOS versions ant\u00e9rieures \u00e0 15.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.6.6",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-26701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26701"
},
{
"name": "CVE-2022-26722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26722"
},
{
"name": "CVE-2022-26769",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26769"
},
{
"name": "CVE-2022-26761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26761"
},
{
"name": "CVE-2021-4192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4192"
},
{
"name": "CVE-2022-26751",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26751"
},
{
"name": "CVE-2022-26702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
},
{
"name": "CVE-2022-26693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26693"
},
{
"name": "CVE-2022-26700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26700"
},
{
"name": "CVE-2022-26753",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26753"
},
{
"name": "CVE-2022-26763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26763"
},
{
"name": "CVE-2022-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26776"
},
{
"name": "CVE-2022-26772",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26772"
},
{
"name": "CVE-2021-4173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
},
{
"name": "CVE-2022-26756",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26756"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2022-26766",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26766"
},
{
"name": "CVE-2022-26744",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26744"
},
{
"name": "CVE-2022-26770",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26770"
},
{
"name": "CVE-2022-26739",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26739"
},
{
"name": "CVE-2022-22589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22589"
},
{
"name": "CVE-2022-26723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26723"
},
{
"name": "CVE-2022-22674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22674"
},
{
"name": "CVE-2022-26760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26760"
},
{
"name": "CVE-2022-26754",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26754"
},
{
"name": "CVE-2021-4136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
},
{
"name": "CVE-2022-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26740"
},
{
"name": "CVE-2022-26762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26762"
},
{
"name": "CVE-2022-26717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26717"
},
{
"name": "CVE-2022-26708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26708"
},
{
"name": "CVE-2022-24765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24765"
},
{
"name": "CVE-2022-26711",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26711"
},
{
"name": "CVE-2022-26764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26764"
},
{
"name": "CVE-2022-26765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26765"
},
{
"name": "CVE-2022-26775",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26775"
},
{
"name": "CVE-2021-4166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
},
{
"name": "CVE-2022-0128",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0128"
},
{
"name": "CVE-2022-26742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26742"
},
{
"name": "CVE-2022-22665",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22665"
},
{
"name": "CVE-2022-0530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0530"
},
{
"name": "CVE-2022-22677",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22677"
},
{
"name": "CVE-2022-22673",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22673"
},
{
"name": "CVE-2022-26768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26768"
},
{
"name": "CVE-2021-4193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4193"
},
{
"name": "CVE-2022-26738",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26738"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-26719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26719"
},
{
"name": "CVE-2022-22675",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22675"
},
{
"name": "CVE-2022-26720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26720"
},
{
"name": "CVE-2022-26698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26698"
},
{
"name": "CVE-2022-26748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26748"
},
{
"name": "CVE-2022-26749",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26749"
},
{
"name": "CVE-2022-26714",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26714"
},
{
"name": "CVE-2022-26747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26747"
},
{
"name": "CVE-2022-26726",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26726"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-26704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26704"
},
{
"name": "CVE-2022-26755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26755"
},
{
"name": "CVE-2022-26725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26725"
},
{
"name": "CVE-2021-45444",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45444"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-22663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22663"
},
{
"name": "CVE-2022-26721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26721"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2022-26741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26741"
},
{
"name": "CVE-2022-26728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26728"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2022-26743",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26743"
},
{
"name": "CVE-2022-26727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26727"
},
{
"name": "CVE-2022-26737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26737"
},
{
"name": "CVE-2022-26736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26736"
},
{
"name": "CVE-2022-26715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26715"
},
{
"name": "CVE-2022-26731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26731"
},
{
"name": "CVE-2022-26767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26767"
},
{
"name": "CVE-2022-26771",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26771"
},
{
"name": "CVE-2015-4142",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4142"
},
{
"name": "CVE-2022-26724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26724"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2022-26752",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26752"
},
{
"name": "CVE-2022-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26706"
},
{
"name": "CVE-2021-4187",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
},
{
"name": "CVE-2022-26750",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26750"
},
{
"name": "CVE-2021-46059",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46059"
},
{
"name": "CVE-2022-26745",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26745"
},
{
"name": "CVE-2022-26746",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26746"
},
{
"name": "CVE-2022-26716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26716"
},
{
"name": "CVE-2022-26712",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26712"
},
{
"name": "CVE-2022-26710",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26710"
},
{
"name": "CVE-2022-26718",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26718"
},
{
"name": "CVE-2022-26694",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26694"
},
{
"name": "CVE-2022-26703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26703"
},
{
"name": "CVE-2022-26697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26697"
},
{
"name": "CVE-2022-26709",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26709"
},
{
"name": "CVE-2022-26757",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26757"
}
],
"initial_release_date": "2022-05-17T00:00:00",
"last_revision_date": "2022-05-17T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-466",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213257 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213257"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213255 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213255"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213261 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213261"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213256 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213256"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213253 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213253"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213254 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213254"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213258 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213258"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT213260 du 16 mai 2022",
"url": "https://support.apple.com/fr-fr/HT213260"
}
]
}
CERTFR-2022-AVI-038
Vulnerability from certfr_avis - Published: 2022-01-13 - Updated: 2022-01-13
De multiples vulnérabilités ont été découvertes dans Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Elles sont en rapport avec les vulnérabilités du produit Apache décrites dans l'avis de sécurité CERTFR-2021-AVI-972 du 21 décembre 2021.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.20.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
}
],
"initial_release_date": "2022-01-13T00:00:00",
"last_revision_date": "2022-01-13T00:00:00",
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 CERTFR-2021-AVI-972 du 21 d\u00e9cembre 2021",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-972"
}
],
"reference": "CERTFR-2022-AVI-038",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n\nElles sont en rapport avec les vuln\u00e9rabilit\u00e9s du produit Apache d\u00e9crites\ndans l\u0027avis de s\u00e9curit\u00e9\n[CERTFR-2021-AVI-972](/avis/CERTFR-2021-AVI-972)\ndu 21 d\u00e9cembre 2021.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
"vendor_advisories": [
{
"published_at": "2022-01-12",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2022-03",
"url": "https://www.tenable.com/security/tns-2022-03"
}
]
}
CERTFR-2022-AVI-035
Vulnerability from certfr_avis - Published: 2022-01-13 - Updated: 2022-01-13
De multiples vulnérabilités ont été découvertes dans IBM WebSphere. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Elles sont en rapport avec les vulnérabilités du produit Apache décrites dans l'avis de sécurité CERTFR-2021-AVI-972 du 21 décembre 2021.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "WebSphere toutes versions utilisant IBM HTTP Server versions 9.0.x ant\u00e9rieures \u00e0 la version 9.0.5.11",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
}
],
"initial_release_date": "2022-01-13T00:00:00",
"last_revision_date": "2022-01-13T00:00:00",
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 du CERT-FR du 21 d\u00e9cembre 2021",
"url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2021-AVI-972/"
}
],
"reference": "CERTFR-2022-AVI-035",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM WebSphere.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n\nElles sont en rapport avec les vuln\u00e9rabilit\u00e9s du produit Apache d\u00e9crites\ndans l\u0027avis de s\u00e9curit\u00e9\n[CERTFR-2021-AVI-972](/avis/CERTFR-2021-AVI-972)\ndu 21 d\u00e9cembre 2021.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM WebSphere",
"vendor_advisories": [
{
"published_at": "2022-01-12",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6540288",
"url": "https://www.ibm.com/support/pages/node/6540288"
}
]
}
CERTFR-2024-AVI-0575
Vulnerability from certfr_avis - Published: 2024-07-12 - Updated: 2024-10-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.4 antérieures à 22.4R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 23.2 antérieures à 23.2R2-S1 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.2 antérieures à SSR-6.2.5-r2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.4-EVO antérieures à 22.4R3-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.2-EVO antérieures à 23.2R2-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.2 antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.3-EVO antérieures à 21.3R3-S5-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.2-EVO antérieures à 21.2R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 20.4R3-S9 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R2-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Session Smart Router versions 6.1 antérieures à SSR-6.1.8-lts | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 antérieures à 20.4R3-S10 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 antérieures à 22.4R3 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 antérieures à 22.2R3-S1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 21.4 antérieures à 21.4R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS versions 23.4 antérieures à 23.4R1-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 antérieures à 22.2R3-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 23.2R1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.1 antérieures à 22.1R3-S6 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions antérieures à 21.2R3-S6 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.2 antérieures à 22.2R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R1-S1-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.4R3-S8 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R3-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R1-S1 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions antérieures à 21.2R3-S7 | ||
| Juniper Networks | N/A | Session Smart Router versions antérieures à SSR-5.6.14 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 antérieures à 22.1R3-S2 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 antérieures à 22.3R3-S1 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.4R3-S7-EVO | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.3-EVO antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R1-S2 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R1-S1-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R3-S3-EVO | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos Space versions antérieures à 24.1R1 | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.3-EVO antérieures à 22.3R2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.4 antérieures à 22.4R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 20.4R3-S10-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.4 antérieures à 22.4R3-S1 | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R1-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.4-EVO antérieures à 22.4R2-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions antérieures à 21.2R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 antérieures à 22.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 22.1 antérieures à 22.1R3-S5 | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à before 22.1R3-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 antérieures à 22.3R2-S1 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 21.4-EVO antérieures à 21.4R3-S8-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 antérieures à 22.1R3-S4 | ||
| Juniper Networks | N/A | Junos OS versions 21.3 antérieures à 21.3R3-S5 | ||
| Juniper Networks | N/A | Junos OS versions antérieures à 22.1R2-S2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.1-EVO antérieures à 22.1R3-S6-EVO | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R3-S4 | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 21.4 antérieures à 21.4R3-S7 | ||
| Juniper Networks | N/A | Junos OS Evolved on ACX7000 Series versions 23.4-EVO antérieures à 23.4R1-S2-EVO | ||
| Juniper Networks | N/A | Junos OS Evolved versions antérieures à 22.4R2-EVO | ||
| Juniper Networks | N/A | Junos OS on MX Series with SPC3 line card versions 23.2 antérieures à 23.2R2 | ||
| Juniper Networks | N/A | Junos OS versions 22.2 antérieures à 22.2R2-S1 | ||
| Juniper Networks | N/A | Junos OS versions 23.1 antérieures à 23.1R2 | ||
| Juniper Networks | N/A | Junos OS on MX Series versions 22.3 antérieures à 22.3R3-S2 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R3-S3 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions antérieures à 21.2R3-S8 | ||
| Juniper Networks | N/A | Junos OS versions 22.3 antérieures à 22.3R2-S2 | ||
| Juniper Networks | N/A | Junos OS on QFX5000 Series and EX4600 Series versions 21.4 antérieures à 21.4R3-S6 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 22.2-EVO antérieures à 22.2R2-S1-EVO | ||
| Juniper Networks | N/A | Junos OS on SRX4600 and SRX5000 Series versions 23.4 antérieures à 23.4R2 | ||
| Juniper Networks | N/A | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R1-S2-EVO |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.2 ant\u00e9rieures \u00e0 SSR-6.2.5-r2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3-EVO ant\u00e9rieures \u00e0 21.3R3-S5-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2-EVO ant\u00e9rieures \u00e0 21.2R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions 6.1 ant\u00e9rieures \u00e0 SSR-6.1.8-lts",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 20.4 ant\u00e9rieures \u00e0 20.4R3-S10",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.4 ant\u00e9rieures \u00e0 22.4R3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4 ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 23.2R1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.2 ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions ant\u00e9rieures \u00e0 21.2R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.4R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R1-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions ant\u00e9rieures \u00e0 21.2R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Session Smart Router versions ant\u00e9rieures \u00e0 SSR-5.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R1-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R3-S3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3-EVO ant\u00e9rieures \u00e0 22.3R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S10-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.4 ant\u00e9rieures \u00e0 22.4R3-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R1-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4-EVO ant\u00e9rieures \u00e0 22.4R2-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.4 ant\u00e9rieures \u00e0 22.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 before 22.1R3-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX Series, MX Series with SPC3 and NFX350 versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4-EVO ant\u00e9rieures \u00e0 21.4R3-S8-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "SRX Series and MX Series with SPC3 and MS-MPC/MIC versions 22.1 ant\u00e9rieures \u00e0 22.1R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3 ant\u00e9rieures \u00e0 21.3R3-S5",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.1R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.1-EVO ant\u00e9rieures \u00e0 22.1R3-S6-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R3-S4",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S7",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved on ACX7000 Series versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series with SPC3 line card versions 23.2 ant\u00e9rieures \u00e0 23.2R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2 ant\u00e9rieures \u00e0 22.2R2-S1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.1 ant\u00e9rieures \u00e0 23.1R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on MX Series versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R3-S3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions ant\u00e9rieures \u00e0 21.2R3-S8",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3 ant\u00e9rieures \u00e0 22.3R2-S2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on QFX5000 Series and EX4600 Series versions 21.4 ant\u00e9rieures \u00e0 21.4R3-S6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2-EVO ant\u00e9rieures \u00e0 22.2R2-S1-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS on SRX4600 and SRX5000 Series versions 23.4 ant\u00e9rieures \u00e0 23.4R2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R1-S2-EVO",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-39560",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39560"
},
{
"name": "CVE-2023-32435",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32435"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2024-39554",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39554"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-39539",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39539"
},
{
"name": "CVE-2021-36160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36160"
},
{
"name": "CVE-2020-12401",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12401"
},
{
"name": "CVE-2024-39558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39558"
},
{
"name": "CVE-2022-30522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30522"
},
{
"name": "CVE-2021-37701",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37701"
},
{
"name": "CVE-2022-21460",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21460"
},
{
"name": "CVE-2021-31535",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
},
{
"name": "CVE-2022-36760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-39552",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39552"
},
{
"name": "CVE-2021-27290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
},
{
"name": "CVE-2019-11727",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11727"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2023-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2002"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
},
{
"name": "CVE-2021-32804",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32804"
},
{
"name": "CVE-2020-13950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13950"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2024-39546",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39546"
},
{
"name": "CVE-2024-39540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39540"
},
{
"name": "CVE-2018-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3737"
},
{
"name": "CVE-2024-39543",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39543"
},
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2022-22721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22721"
},
{
"name": "CVE-2021-35624",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35624"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39514",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39514"
},
{
"name": "CVE-2022-25147",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25147"
},
{
"name": "CVE-2021-35604",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35604"
},
{
"name": "CVE-2021-42013",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42013"
},
{
"name": "CVE-2023-34059",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34059"
},
{
"name": "CVE-2024-39529",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39529"
},
{
"name": "CVE-2006-20001",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-20001"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2022-29167",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29167"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-10747",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10747"
},
{
"name": "CVE-2023-34058",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34058"
},
{
"name": "CVE-2011-5094",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5094"
},
{
"name": "CVE-2019-16776",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16776"
},
{
"name": "CVE-2022-21589",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21589"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2019-10097",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10097"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2023-2828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2828"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2023-4206",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4206"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-39536",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39536"
},
{
"name": "CVE-2024-39555",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39555"
},
{
"name": "CVE-2022-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3564"
},
{
"name": "CVE-2023-3611",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3611"
},
{
"name": "CVE-2020-13938",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13938"
},
{
"name": "CVE-2016-10540",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10540"
},
{
"name": "CVE-2019-10082",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10082"
},
{
"name": "CVE-2023-42753",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
},
{
"name": "CVE-2016-1000232",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000232"
},
{
"name": "CVE-2015-9262",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
},
{
"name": "CVE-2023-32360",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32360"
},
{
"name": "CVE-2021-37713",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37713"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2024-39561",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39561"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2019-17023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17023"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2020-35452",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35452"
},
{
"name": "CVE-2023-4207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4207"
},
{
"name": "CVE-2022-21617",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21617"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2021-37712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37712"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2023-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30630"
},
{
"name": "CVE-2022-21608",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21608"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2023-20593",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20593"
},
{
"name": "CVE-2024-39535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39535"
},
{
"name": "CVE-2024-39545",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39545"
},
{
"name": "CVE-2024-39531",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39531"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2019-16777",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16777"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2019-10081",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10081"
},
{
"name": "CVE-2020-1934",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1934"
},
{
"name": "CVE-2022-30556",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30556"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2024-39530",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39530"
},
{
"name": "CVE-2024-39532",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39532"
},
{
"name": "CVE-2023-27522",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27522"
},
{
"name": "CVE-2024-39557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39557"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2024-39550",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39550"
},
{
"name": "CVE-2022-28615",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28615"
},
{
"name": "CVE-2022-21451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21451"
},
{
"name": "CVE-2014-10064",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-10064"
},
{
"name": "CVE-2024-39511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39511"
},
{
"name": "CVE-2022-23943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23943"
},
{
"name": "CVE-2024-39548",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39548"
},
{
"name": "CVE-2020-11993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11993"
},
{
"name": "CVE-2023-22652",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22652"
},
{
"name": "CVE-2024-39528",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39528"
},
{
"name": "CVE-2023-3341",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3341"
},
{
"name": "CVE-2023-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22025"
},
{
"name": "CVE-2021-43527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2024-39559",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39559"
},
{
"name": "CVE-2014-7191",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-7191"
},
{
"name": "CVE-2021-2356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2356"
},
{
"name": "CVE-2020-36049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36049"
},
{
"name": "CVE-2023-4208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4208"
},
{
"name": "CVE-2021-41524",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41524"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2020-12402",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12402"
},
{
"name": "CVE-2019-11719",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11719"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2024-39519",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39519"
},
{
"name": "CVE-2021-32803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32803"
},
{
"name": "CVE-2019-17006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17006"
},
{
"name": "CVE-2022-21595",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21595"
},
{
"name": "CVE-2019-16775",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16775"
},
{
"name": "CVE-2020-12403",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12403"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2023-2700",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2700"
},
{
"name": "CVE-2020-7754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7754"
},
{
"name": "CVE-2024-39533",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39533"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2021-26690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26690"
},
{
"name": "CVE-2022-22719",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22719"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-46663",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46663"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
},
{
"name": "CVE-2024-39513",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39513"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2022-21417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21417"
},
{
"name": "CVE-2024-39518",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39518"
},
{
"name": "CVE-2023-37450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37450"
},
{
"name": "CVE-2021-30641",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30641"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2022-31813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31813"
},
{
"name": "CVE-2023-34969",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-34969"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2018-20834",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20834"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2020-1927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1927"
},
{
"name": "CVE-2022-21592",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21592"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2023-25690",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25690"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2019-10092",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
},
{
"name": "CVE-2024-39541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39541"
},
{
"name": "CVE-2021-44224",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44224"
},
{
"name": "CVE-2024-39537",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39537"
},
{
"name": "CVE-2022-21444",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21444"
},
{
"name": "CVE-2019-17567",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17567"
},
{
"name": "CVE-2018-7408",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7408"
},
{
"name": "CVE-2019-20149",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20149"
},
{
"name": "CVE-2024-20932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20932"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-39551",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39551"
},
{
"name": "CVE-2023-4863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4863"
},
{
"name": "CVE-2022-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29404"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2019-11756",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11756"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2024-39565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39565"
},
{
"name": "CVE-2021-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31618"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2023-24329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24329"
},
{
"name": "CVE-2024-39549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39549"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2021-33193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33193"
},
{
"name": "CVE-2021-41773",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41773"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2022-26377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2020-9490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9490"
},
{
"name": "CVE-2020-28502",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28502"
},
{
"name": "CVE-2024-39556",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39556"
},
{
"name": "CVE-2022-37436",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37436"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2023-32439",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32439"
},
{
"name": "CVE-2020-12400",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12400"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2022-28330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28330"
},
{
"name": "CVE-2024-39542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39542"
},
{
"name": "CVE-2022-21454",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21454"
},
{
"name": "CVE-2017-1000048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000048"
},
{
"name": "CVE-2022-21427",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21427"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2020-6829",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6829"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
},
{
"name": "CVE-2019-10098",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10098"
},
{
"name": "CVE-2024-39538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39538"
},
{
"name": "CVE-2022-28614",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28614"
}
],
"initial_release_date": "2024-07-12T00:00:00",
"last_revision_date": "2024-10-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0575",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-07-12T00:00:00.000000"
},
{
"description": "Correction d\u0027identifiants CVE erron\u00e9s",
"revision_date": "2024-10-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83001",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Inconsistent-information-in-the-TE-database-can-lead-to-an-rpd-crash-CVE-2024-39541"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82976",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-The-802-1X-Authentication-Daemon-crashes-on-running-a-specific-command-CVE-2024-39511"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83027",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83021",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX4600-SRX5000-Series-TCP-packets-with-SYN-FIN-or-SYN-RST-are-transferred-after-enabling-no-syn-check-with-Express-Path-CVE-2024-39561"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83018",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-PIM-packet-causes-rpd-crash-when-PIM-is-configured-along-with-MoFRR-CVE-2024-39558"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82987",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crashes-upon-concurrent-deletion-of-a-routing-instance-and-receipt-of-an-SNMP-request-CVE-2024-39528"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82982",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX240-MX480-MX960-platforms-using-MPC10E-Memory-leak-will-be-observed-when-subscribed-to-a-specific-subscription-on-Junos-Telemetry-Interface-CVE-2024-39518"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83012",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-line-card-Port-flaps-causes-rtlogd-memory-leak-leading-to-Denial-of-Service-CVE-2024-39550"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83019",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-a-specific-TCP-packet-may-result-in-a-system-crash-vmcore-on-dual-RE-systems-with-NSR-enabled-CVE-2024-39559"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83004",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-large-RPKI-RTR-PDU-packet-can-cause-rpd-to-crash-CVE-2024-39543"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83010",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specific-packets-in-the-aftmand-process-will-lead-to-a-memory-leak-CVE-2024-39548"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83014",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-multipath-incremental-calculation-is-resulting-in-an-rpd-crash-CVE-2024-39554"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82996",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Flaps-of-BFD-sessions-with-authentication-cause-a-ppmd-memory-leak-CVE-2024-39536"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82980",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receiving-specific-traffic-on-devices-with-EVPN-VPWS-with-IGMP-snooping-enabled-will-cause-the-rpd-to-crash-CVE-2024-39514"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83000",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-Specific-valid-TCP-traffic-can-cause-a-pfe-crash-CVE-2024-39540"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83008",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Local-low-privilege-user-can-gain-root-permissions-leading-to-privilege-escalation-CVE-2024-39546"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82991",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Protocol-specific-DDoS-configuration-affects-other-protocols-CVE-2024-39531"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83011",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Receipt-of-malformed-BGP-path-attributes-leads-to-a-memory-leak-CVE-2024-39549"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82989",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Attempting-to-access-specific-sensors-on-platforms-not-supporting-these-will-lead-to-a-chassisd-crash-CVE-2024-39530"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82997",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Ports-which-have-been-inadvertently-exposed-can-be-reached-over-the-network-CVE-2024-39537"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83023",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-EX-Series-J-Web-An-unauthenticated-network-based-attacker-can-perform-XPATH-injection-attack-against-a-device-CVE-2024-39565"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83026",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R1-release"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83013",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-MS-MPC-MIC-Receipt-of-specific-packets-in-H-323-ALG-causes-traffic-drop-CVE-2024-39551"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83002",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-malformed-CFM-packet-or-specific-transit-traffic-leads-to-FPC-crash-CVE-2024-39542"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83015",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-update-causes-the-session-to-reset-CVE-2024-39555"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83007",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-and-NFX350-When-VPN-tunnels-parameters-are-not-matching-the-iked-process-will-crash-CVE-2024-39545"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82995",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-specific-traffic-is-received-in-a-VPLS-scenario-evo-pfemand-crashes-CVE-2024-39535"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82993",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-EX4600-Series-Output-firewall-filter-is-not-applied-if-certain-match-criteria-are-used-CVE-2024-39533"
},
{
"published_at": "2024-07-11",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75726",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Malformed-BGP-UPDATE-causes-RPD-crash-CVE-2024-39552"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82988",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-SRX-Series-If-DNS-traceoptions-are-configured-in-a-DGA-or-tunnel-detection-scenario-specific-DNS-traffic-leads-to-a-PFE-crash-CVE-2024-39529"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83017",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-MAC-table-changes-cause-a-memory-leak-CVE-2024-39557"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82983",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Multicast-traffic-is-looped-in-a-multihoming-EVPN-MPLS-scenario-CVE-2024-39519"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83020",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Memory-leak-due-to-RSVP-neighbor-persistent-error-leading-to-kernel-crash-CVE-2024-39560"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82998",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-When-multicast-traffic-with-a-specific-S-G-is-received-evo-pfemand-crashes-CVE-2024-39538"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82999",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-MX-Series-Continuous-subscriber-logins-will-lead-to-a-memory-leak-and-eventually-an-FPC-crash-CVE-2024-39539"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA83016",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Loading-a-malicious-certificate-from-the-CLI-may-result-in-a-stack-based-overflow-CVE-2024-39556"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82992",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Confidential-information-in-logs-can-be-accessed-by-another-user-CVE-2024-39532"
},
{
"published_at": "2024-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82978",
"url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Execution-of-a-specific-CLI-command-will-cause-a-crash-in-the-AFT-manager-CVE-2024-39513"
}
]
}
GSD-2021-44790
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-44790",
"description": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"id": "GSD-2021-44790",
"references": [
"https://www.suse.com/security/cve/CVE-2021-44790.html",
"https://www.debian.org/security/2022/dsa-5035",
"https://access.redhat.com/errata/RHSA-2022:0303",
"https://access.redhat.com/errata/RHSA-2022:0288",
"https://access.redhat.com/errata/RHSA-2022:0258",
"https://access.redhat.com/errata/RHSA-2022:0143",
"https://ubuntu.com/security/CVE-2021-44790",
"https://advisories.mageia.org/CVE-2021-44790.html",
"https://access.redhat.com/errata/RHSA-2022:1136",
"https://access.redhat.com/errata/RHSA-2022:1137",
"https://access.redhat.com/errata/RHSA-2022:1138",
"https://access.redhat.com/errata/RHSA-2022:1139",
"https://alas.aws.amazon.com/cve/html/CVE-2021-44790.html",
"https://linux.oracle.com/cve/CVE-2021-44790.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-44790"
],
"details": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"id": "GSD-2021-44790",
"modified": "2023-12-13T01:23:20.335473Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44790",
"STATE": "PUBLIC",
"TITLE": "Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "Apache HTTP Server 2.4",
"version_value": "2.4.51"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Chamal"
},
{
"lang": "eng",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": [
{
"other": "high"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"name": "FEDORA-2021-29a536c2ae",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"name": "DSA-5035",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211224-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"name": "https://www.tenable.com/security/tns-2022-01",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"name": "https://www.tenable.com/security/tns-2022-03",
"refsource": "CONFIRM",
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"name": "FEDORA-2022-b4103753e9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "FEDORA-2022-21264ec6db",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://support.apple.com/kb/HT213257",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213257"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "https://support.apple.com/kb/HT213255",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"name": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"timeline": [
{
"lang": "eng",
"time": "2021-12-07",
"value": "Reported to security team"
},
{
"lang": "eng",
"time": "2021-12-16",
"value": "Fixed by r1896039 in 2.4.x"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4.51",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.20.0",
"versionStartIncluding": "5.16.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "9.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-008:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.6.6",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2022-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4",
"versionStartIncluding": "12.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-44790"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "[oss-security] 20211220 CVE-2021-44790: Apache HTTP Server: Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"name": "FEDORA-2021-29a536c2ae",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211224-0001/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"name": "DSA-5035",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"name": "https://www.tenable.com/security/tns-2022-01",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"name": "https://www.tenable.com/security/tns-2022-03",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "FEDORA-2022-b4103753e9",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"name": "FEDORA-2022-21264ec6db",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"name": "FEDORA-2022-78e3211c55",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://support.apple.com/kb/HT213255",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213255"
},
{
"name": "https://support.apple.com/kb/HT213256",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213256"
},
{
"name": "https://support.apple.com/kb/HT213257",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT213257"
},
{
"name": "20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"name": "20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"name": "20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"name": "GLSA-202208-20",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"name": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-04-03T20:15Z",
"publishedDate": "2021-12-20T12:15Z"
}
}
}
bit-apache-2021-44790
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:54
Modified
2025-05-20 10:02
Summary
Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
Details
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "apache",
"purl": "pkg:bitnami/apache"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.52"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-44790"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
],
"severity": "Critical"
},
"details": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"id": "BIT-apache-2021-44790",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:54:08.593Z",
"references": [
{
"type": "WEB",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211224-0001/"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213255"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213256"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213257"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44790"
}
],
"schema_version": "1.5.0",
"summary": "Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier"
}
CNVD-2021-102386
Vulnerability from cnvd - Published: 2021-12-24
VLAI Severity ?
Title
Apache HTTP Server缓冲区溢出漏洞(CNVD-2021-102386)
Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server中存在缓冲区溢出漏洞,该漏洞源于产品的r:parsebody未能正确判断用户边界。攻击者可通过该漏洞导致缓冲区溢出。
Severity
高
Patch Name
Apache HTTP Server缓冲区溢出漏洞(CNVD-2021-102386)的补丁
Patch Description
Apache HTTP Server是美国阿帕奇(Apache)基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。
Apache HTTP Server中存在缓冲区溢出漏洞,该漏洞源于产品的r:parsebody未能正确判断用户边界。攻击者可通过该漏洞导致缓冲区溢出。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://httpd.apache.org/download.cgi#apache24
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-44790
Impacted products
| Name | Apache HTTP Server <=2.4.51 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-44790"
}
},
"description": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\n\nApache HTTP Server\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u7684r\uff1aparsebody\u672a\u80fd\u6b63\u786e\u5224\u65ad\u7528\u6237\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://httpd.apache.org/download.cgi#apache24",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-102386",
"openTime": "2021-12-24",
"patchDescription": "Apache HTTP Server\u662f\u7f8e\u56fd\u963f\u5e15\u5947\uff08Apache\uff09\u57fa\u91d1\u4f1a\u7684\u4e00\u6b3e\u5f00\u6e90\u7f51\u9875\u670d\u52a1\u5668\u3002\u8be5\u670d\u52a1\u5668\u5177\u6709\u5feb\u901f\u3001\u53ef\u9760\u4e14\u53ef\u901a\u8fc7\u7b80\u5355\u7684API\u8fdb\u884c\u6269\u5145\u7684\u7279\u70b9\u3002\r\n\r\nApache HTTP Server\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u7684r\uff1aparsebody\u672a\u80fd\u6b63\u786e\u5224\u65ad\u7528\u6237\u8fb9\u754c\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-102386\uff09\u7684\u8865\u4e01",
"products": {
"product": "Apache HTTP Server \u003c=2.4.51"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-44790",
"serverity": "\u9ad8",
"submitTime": "2021-12-24",
"title": "Apache HTTP Server\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-102386\uff09"
}
CVE-2021-44790
Vulnerability from fstec - Published: 20.12.2021
VLAI Severity ?
Title
Уязвимость HTTP-сервера Apache, связанная с выходом операции за границу буфера в памяти, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость HTTP-сервера Apache связана с выходом операции за границу буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код с помощью отправки специально сформированного HTTP-запроса
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», АО «Концерн ВНИИНС», ООО «Ред Софт», Apache Software Foundation, IBM Corp., АО "НППКТ", АО «НТЦ ИТ РОСА»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), РЕД ОС (запись в едином реестре российских программ №3751), HTTP Server, IBM Cloud Pak System, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), РОСА Кобальт (запись в едином реестре российских программ №1999), ROSA Virtualization (запись в едином реестре российских программ №5091), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 1.0 (ОС ОН «Стрелец»), 11 (Debian GNU/Linux), 7.3 (РЕД ОС), до 2.4.51 включительно (HTTP Server), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.3.3.5 (IBM Cloud Pak System), до 2.4.2 (ОСОН ОСнова Оnyx), 7.9 (РОСА Кобальт), 2.1 (ROSA Virtualization), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Использование рекомендаций:
Для Apache:
Обновление программного обеспечения до актуальной версии
Для РедОС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-44790
Для ОС ОН «Стрелец»:
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie
Для программных продуктов IBM Corp.:
https://www.ibm.com/support/pages/node/6612587
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0318SE17MD
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0318SE47MD
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20220318SE816MD
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220318SE16MD
https://wiki.astralinux.ru/astra-linux-ce212-MD-2022-0318MD
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
Для ОСОН Основа:
Обновление программного обеспечения apache2 до версии 2.4.52-3osnova9
Для Astra Linux Special Edition 4.7 (для архитектуры ARM):
использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
Для ОС РОСА "КОБАЛЬТ":
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158
Для системы управления средой виртуализации "ROSA Virtualization":
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2160
Для Astra Linux Special Edition для «Эльбрус» 8.1 «Ленинград»:
обновить пакет apache2 до 2.4.46-1~bpo9+1astra.se7 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
Для ОС ОН «Стрелец»:
Обновление программного обеспечения apache2 до версии 2.4.54-2osnova11.strelets
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899
Reference
http://httpd.apache.org/security/vulnerabilities_24.html
https://redos.red-soft.ru/support/secure/
https://security-tracker.debian.org/tracker/CVE-2021-44790
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#26012022
https://www.cybersecurity-help.cz/vdb/SB2021122005
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0318SE17MD
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0318SE47MD
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20220318SE816MD
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220318SE16MD
https://wiki.astralinux.ru/astra-linux-ce212-MD-2022-0318MD
https://www.ibm.com/support/pages/node/6612587
https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158
https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2160
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2900
https://abf.rosa.ru/advisories/ROSA-SA-2025-2899
CWE
CWE-119
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Apache Software Foundation, IBM Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 1.0 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 2.4.51 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (HTTP Server), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.3.3.5 (IBM Cloud Pak System), \u0434\u043e 2.4.2 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Apache:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0430\u043a\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-44790\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#kumulyativnoe-obnovlenie\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttps://www.ibm.com/support/pages/node/6612587\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0318SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0318SE47MD\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20220318SE816MD\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220318SE16MD\nhttps://wiki.astralinux.ru/astra-linux-ce212-MD-2022-0318MD\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\n\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.52-3osnova9\n\n\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 (\u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM):\n\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \"ROSA Virtualization\": \nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2160\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 apache2 \u0434\u043e 2.4.46-1~bpo9+1astra.se7 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f apache2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.4.54-2osnova11.strelets\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2900\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2899",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.12.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.12.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-06392",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-44790",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), HTTP Server, IBM Cloud Pak System, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb 1.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.4.2 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0443 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Apache \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0443 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e HTTP-\u0437\u0430\u043f\u0440\u043e\u0441\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://httpd.apache.org/security/vulnerabilities_24.html\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2021-44790\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#26012022\nhttps://www.cybersecurity-help.cz/vdb/SB2021122005\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0318SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0318SE47MD\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20220318SE816MD\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220318SE16MD\nhttps://wiki.astralinux.ru/astra-linux-ce212-MD-2022-0318MD\nhttps://www.ibm.com/support/pages/node/6612587\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-0819SE17\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.4.2/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2022-0926SE47\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2158\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2160\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20230315SE81\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2900\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2899",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)"
}
GHSA-C547-2659-Q37G
Vulnerability from github – Published: 2022-02-08 00:00 – Updated: 2025-05-01 18:31
VLAI?
Details
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2021-44790"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-20T12:15:00Z",
"severity": "CRITICAL"
},
"details": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"id": "GHSA-c547-2659-q37g",
"modified": "2025-05-01T18:31:41Z",
"published": "2022-02-08T00:00:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44790"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-03"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/tns-2022-01"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2022/dsa-5035"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213257"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213256"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT213255"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20211224-0001"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH"
},
{
"type": "WEB",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/33"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/35"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2022/May/38"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/12/20/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
cve-2021-44790
Vulnerability from osv_almalinux
Published
2022-01-25 12:49
Modified
2022-01-26 07:27
Summary
Important: httpd:2.4 security update
Details
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
- httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpd"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpd-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpd-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpd-manual"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "httpd-tools"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_http2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.15.7-3.module_el8.5.0+2609+b30d9eec"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_ldap"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_md"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.0.8-8.module_el8.5.0+2609+b30d9eec"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_md"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.0.8-8.module_el8.6.0+2872+fe0ff7aa"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_proxy_html"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_session"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "mod_ssl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.37-43.module_el8.5.0+2609+b30d9eec.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0258",
"modified": "2022-01-26T07:27:24Z",
"published": "2022-01-25T12:49:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-0258.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-44790"
}
],
"related": [
"CVE-2021-44790"
],
"summary": "Important: httpd:2.4 security update"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…