Vulnerability-Lookup

CVE-2022-2601 (GCVE-0-2022-2601)

Vulnerability from cvelistv5 – Published: 2022-12-14 00:00 – Updated: 2024-08-22 01:13

Summary

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.

Severity ?

No CVSS data available.

CWE

CWE-122 - >CWE-787

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0
	https://security.netapp.com/advisory/ntap-2023020…
	https://security.gentoo.org/glsa/202311-14	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	grub2	Affected: grub2 2.06 and lower

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-22T01:13:28.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
          },
          {
            "name": "GLSA-202311-14",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202311-14"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grub2",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "grub2 2.06 and lower"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122-\u003eCWE-787",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-25T12:06:24.538109",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
        },
        {
          "name": "GLSA-202311-14",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202311-14"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-2601",
    "datePublished": "2022-12-14T00:00:00",
    "dateReserved": "2022-08-01T00:00:00",
    "dateUpdated": "2024-08-22T01:13:28.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2601

Vulnerability from fstec - Published: 16.11.2022

Title

Уязвимость функции grub_font_construct_glyph() загрузчика операционных систем Grub2, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость функции grub_font_construct_glyph() загрузчика операционных систем Grub2 связана с выходом операции за границы буфера в памяти при обработке специально оформленных шрифтов в формате pf2. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Severity ?


                    
                      AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, Novell Inc., ООО «Ред Софт», Erich Boleyn, АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»

Software Name

Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, openSUSE Tumbleweed, РЕД ОС (запись в едином реестре российских программ №3751), Grub2, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), РОСА Кобальт (запись в едином реестре российских программ №1999), ROSA Virtualization (запись в едином реестре российских программ №5091), РОСА ХРОМ (запись в едином реестре российских программ №1607), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)

Software Version

7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), от 2.00 до 2.06 включительно (Grub2), до 2.7 (ОСОН ОСнова Оnyx), 7.9 (РОСА Кобальт), 2.1 (ROSA Virtualization), 12.4 (РОСА ХРОМ), до 16.01.2023 (ОС ОН «Стрелец»), до 20.10.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование механизма SBAT (UEFI Secure Boot Advanced Targeting). Использование рекомендаций производителя: Для Grub2: https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2022-2601 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2022-2601.html Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/CVE-2022-2601 Для ОС Astra Linux: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 Для ОС Astra Linux Special Edition 1.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD Для ОСОН ОСнова Оnyx (версия 2.7): Обновление программного обеспечения grub2 до версии 2.06-3~deb10u3.osnova9 Для ОС Astra Linux Special Edition 4.7 для архитектуры ARM: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD Для ОС ОН «Стрелец»: Обновление программного обеспечения grub2 до версии 2.06-3~deb10u2.osnova9.strelets Для ОС ОН «Стрелец»: Обновление программного обеспечения grub2 до версии 2.06-3~deb10u3.osnova9.strelets Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС РОСА "КОБАЛЬТ": https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2348 Для системы управления средой виртуализации «ROSA Virtualization» : https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2341 Для операционной системы РОСА ХРОМ: https://abf.rosa.ru/advisories/ROSA-SA-2024-2461 Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2683 Для ОС РОСА "КОБАЛЬТ": https://abf.rosa.ru/advisories/ROSA-SA-2025-2894

Reference

https://www.opennet.ru/opennews/art.shtml?num=58130 https://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html https://access.redhat.com/security/cve/CVE-2022-2601 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-2601 https://www.suse.com/security/cve/CVE-2022-2601.html https://github.com/rhboot/shim/blob/main/SBAT.md https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.7/ https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023 https://strelets.net/patchi-i-obnovleniya-bezopasnosti#20102023 http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2348 https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2341 https://abf.rosa.ru/advisories/ROSA-SA-2024-2461 https://abf.rosa.ru/advisories/ROSA-SA-2025-2683 https://abf.rosa.ru/advisories/ROSA-SA-2025-2894

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1521, TO1522, TO1523, TO1524, TO1525, TO1609",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1521 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Microsoft Server 2022 21H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041160), TO1522 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041580), TO1523 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 22H2 \u0434\u043b\u044f x32 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041580), TO1524 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows 10 1809 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041578), TO1525 \u041d\u0430\u043a\u043e\u043f\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Windows Server 2019 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041578), TO1609 \u0415\u0436\u0435\u043c\u0435\u0441\u044f\u0447\u043d\u044b\u0439 \u043d\u0430\u0431\u043e\u0440 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0439 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Windows Server 2012 R2 \u0434\u043b\u044f x64 \u0441\u0438\u0441\u0442\u0435\u043c (KB5041828)",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Erich Boleyn, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), \u043e\u0442 2.00 \u0434\u043e 2.06 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Grub2), \u0434\u043e 2.7 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 7.9 (\u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442), 2.1 (ROSA Virtualization), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), \u0434\u043e 20.10.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u0430 SBAT (UEFI Secure Boot Advanced Targeting).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\n\u0414\u043b\u044f Grub2:\nhttps://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2022-2601\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2022-2601.html\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2022-2601\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0432\u0435\u0440\u0441\u0438\u044f 2.7):\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f grub2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.06-3~deb10u3.osnova9\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f grub2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.06-3~deb10u2.osnova9.strelets\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f grub2 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.06-3~deb10u3.osnova9.strelets\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2348\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb : https://abf.rosalinux.ru/advisories/ROSA-SA-2024-2341\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosa.ru/advisories/ROSA-SA-2024-2461\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2683\n\n\u0414\u043b\u044f \u041e\u0421 \u0420\u041e\u0421\u0410 \"\u041a\u041e\u0411\u0410\u041b\u042c\u0422\": https://abf.rosa.ru/advisories/ROSA-SA-2025-2894",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "16.11.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.11.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-06819",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-2601",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, openSUSE Tumbleweed, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Grub2, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Novell Inc. openSUSE Tumbleweed - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Erich Boleyn Grub2 \u043e\u0442 2.00 \u0434\u043e 2.06 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u041a\u043e\u0431\u0430\u043b\u044c\u0442 7.9  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161999), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 20.10.2023  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 grub_font_construct_glyph() \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 grub_font_construct_glyph() \u0437\u0430\u0433\u0440\u0443\u0437\u0447\u0438\u043a\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Grub2 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u044b\u0445 \u0448\u0440\u0438\u0444\u0442\u043e\u0432 \u0432 \u0444\u043e\u0440\u043c\u0430\u0442\u0435 pf2. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.opennet.ru/opennews/art.shtml?num=58130\nhttps://lists.gnu.org/archive/html/grub-devel/2022-11/msg00059.html\nhttps://access.redhat.com/security/cve/CVE-2022-2601\nhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-2601\nhttps://www.suse.com/security/cve/CVE-2022-2601.html\nhttps://github.com/rhboot/shim/blob/main/SBAT.md\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20221220SE16\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2022-1221SE17MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.7/\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0131SE47MD\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#20102023\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2024-2348\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2024-2341\nhttps://abf.rosa.ru/advisories/ROSA-SA-2024-2461\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2683\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2894",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,4)"
}

cve-2022-2601

Vulnerability from osv_almalinux

Published

2023-02-14 00:00

Modified

2023-02-14 18:51

Summary

Moderate: grub2 security update

Details

The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.

Security Fix(es):

grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-aa64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-efi-x64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-pc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-pc-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-ppc64le"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-ppc64le-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-efi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "grub2-tools-minimal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.06-46.el9_1.3.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0752",
  "modified": "2023-02-14T18:51:15Z",
  "published": "2023-02-14T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0752"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2601"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3775"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2112975"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2138880"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2023-0752.html"
    }
  ],
  "related": [
    "CVE-2022-2601",
    "CVE-2022-3775"
  ],
  "summary": "Moderate: grub2 security update"
}

cve-2022-2601

Vulnerability from osv_almalinux

Published

2023-01-09 00:00

Modified

2023-01-10 10:17

Summary

Moderate: grub2 security update

Details

Security Fix(es):

grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)
grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-common"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-aa64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-aa64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-aa64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-ia32"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-ia32-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-ia32-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-x64"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-x64-cdboot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-efi-x64-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-pc"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-pc-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-ppc64le"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-ppc64le-modules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-tools"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-tools-efi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-tools-extra"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "grub2-tools-minimal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:2.02-142.el8_7.1.alma"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.\n\nSecurity Fix(es):\n\n* grub2: Buffer overflow in grub_font_construct_glyph() can lead to out-of-bound write and possible secure boot bypass (CVE-2022-2601)\n* grub2: Heap based out-of-bounds write when redering certain unicode sequences (CVE-2022-3775)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
  "id": "ALSA-2023:0049",
  "modified": "2023-01-10T10:17:57Z",
  "published": "2023-01-09T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2023:0049"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-2601"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2022-3775"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2112975"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2138880"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2023-0049.html"
    }
  ],
  "related": [
    "CVE-2022-2601",
    "CVE-2022-3775"
  ],
  "summary": "Moderate: grub2 security update"
}

CERTFR-2023-AVI-0258

Vulnerability from certfr_avis - Published: 2023-03-24 - Updated: 2023-03-24

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une élévation de privilèges, un déni de service à distance, une atteinte à la confidentialité des données, une injection de code indirecte à distance (XSS) et une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Spectrum	IBM Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2
IBM	WebSphere	IBM WebSphere Remote Server version 9.0 déployée avec une version de IBM WebSphere Application Server antérieure à 9.0.5.14 incluant le correctif PH52925
IBM	Spectrum	IBM Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6963786 du 23 mars 2023	None	vendor-advisory
Bulletin de sécurité IBM 6965816 du 23 mars 2023	None	vendor-advisory
Bulletin de sécurité IBM 6965812 du 23 mars 2023	None	vendor-advisory
Bulletin de sécurité IBM 6965822 du 23 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM WebSphere Remote Server version 9.0 d\u00e9ploy\u00e9e avec une version de IBM WebSphere Application Server ant\u00e9rieure \u00e0 9.0.5.14 incluant le correctif PH52925",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-26283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26283"
    },
    {
      "name": "CVE-2022-32190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32190"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2022-4269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
    },
    {
      "name": "CVE-2022-41715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2022-2601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2022-2421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2421"
    },
    {
      "name": "CVE-2022-1016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1016"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2023-23915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
    },
    {
      "name": "CVE-2022-41716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
    },
    {
      "name": "CVE-2022-0854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0854"
    },
    {
      "name": "CVE-2022-28893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28893"
    },
    {
      "name": "CVE-2023-23914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
    },
    {
      "name": "CVE-2023-27863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27863"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2022-2047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2047"
    },
    {
      "name": "CVE-2022-43945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43945"
    },
    {
      "name": "CVE-2022-2880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2023-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22809"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2022-2879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2022-43548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
    },
    {
      "name": "CVE-2022-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2588"
    },
    {
      "name": "CVE-2022-4139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4139"
    },
    {
      "name": "CVE-2022-27664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
    },
    {
      "name": "CVE-2023-23916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
    }
  ],
  "initial_release_date": "2023-03-24T00:00:00",
  "last_revision_date": "2023-03-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0258",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nun contournement de la politique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de\nprivil\u00e8ges, un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance\n(XSS) et une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963786 du 23 mars 2023",
      "url": "https://www.ibm.com/support/pages/node/6963786"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6965816 du 23 mars 2023",
      "url": "https://www.ibm.com/support/pages/node/6965816"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6965812 du 23 mars 2023",
      "url": "https://www.ibm.com/support/pages/node/6965812"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6965822 du 23 mars 2023",
      "url": "https://www.ibm.com/support/pages/node/6965822"
    }
  ]
}

CERTFR-2024-AVI-0681

Vulnerability from certfr_avis - Published: 2024-08-14 - Updated: 2024-08-14

De multiples vulnérabilités ont été découvertes dans Microsoft Windows. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

Microsoft indique que les vulnérabilités CVE-2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193 et CVE-2024-38213 sont activement exploitées.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22769
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes ARM64 versions antérieures à 10.0.26100.1457
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4651
Microsoft	N/A	Windows Server 2012 versions antérieures à 6.2.9200.24975
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22023
Microsoft	N/A	Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.2710
Microsoft	N/A	Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.6054
Microsoft	N/A	Windows Server 2019 versions antérieures à 10.0.17763.6189
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27219
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 (Server Core installation) versions antérieures à 6.1.7601.27277
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4529
Microsoft	N/A	Windows Server 2016 versions antérieures à 10.0.14393.7259
Microsoft	N/A	Windows Server 2016 versions antérieures à 10.0.14393.7159
Microsoft	N/A	Windows Server 2019 versions antérieures à 10.0.17763.6054
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4651
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22825
Microsoft	N/A	Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3147
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.4037
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 6.3.9600.22074
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27277
Microsoft	N/A	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.950
Microsoft	N/A	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.25031
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3737
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4651
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.2582
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.3880
Microsoft	N/A	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.5936
Microsoft	N/A	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7070
Microsoft	N/A	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7159
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 1.001
Microsoft	N/A	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7070
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.4037
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4780
Microsoft	N/A	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7159
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4651
Microsoft	N/A	Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3147
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4529
Microsoft	N/A	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7159
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22769
Microsoft	N/A	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.5936
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.2522
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 6.3.9600.22023
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19041.3920
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.20348.2655
Microsoft	N/A	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20680
Microsoft	N/A	Windows Server 2022 versions antérieures à 10.0.22000.2710
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22825
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4529
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2582
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.3880
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.22621.3737
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2522
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22769
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22134
Microsoft	N/A	Windows Server 2008 pour systèmes x64 Service Pack 2 versions antérieures à 6.0.6003.22825
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4780
Microsoft	N/A	Windows Server 2012 R2 versions antérieures à 6.3.9600.22134
Microsoft	N/A	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20710
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 (Server Core installation) versions antérieures à 6.0.6003.22769
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4780
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19041.3920
Microsoft	N/A	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6189
Microsoft	N/A	Windows 11 Version 24H2 pour systèmes x64 versions antérieures à 10.0.26100.1457
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes ARM64 versions antérieures à 10.0.19045.4651
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4780
Microsoft	N/A	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7259
Microsoft	N/A	Windows Server 2008 pour systèmes 32 bits Service Pack 2 versions antérieures à 6.0.6003.22825
Microsoft	N/A	Windows Server 2012 versions antérieures à 6.2.9200.25031
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes ARM64 versions antérieures à 10.0.22631.4037
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19041.3920
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.3880
Microsoft	N/A	Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3019
Microsoft	N/A	Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3079
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.4037
Microsoft	N/A	Windows 10 Version 1809 pour systèmes x64 versions antérieures à 10.0.17763.6054
Microsoft	N/A	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.24975
Microsoft	N/A	Windows 11 version 21H2 pour systèmes ARM64 antérieures à 10.0.22000.3079
Microsoft	N/A	Windows Server 2008 R2 pour systèmes x64 Service Pack 1 versions antérieures à 6.1.7601.27219
Microsoft	N/A	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.5936
Microsoft	N/A	Windows 11 version 21H2 pour systèmes x64 antérieures à 10.0.22000.3019
Microsoft	N/A	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1009
Microsoft	N/A	Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.5936
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4651
Microsoft	N/A	Windows Server 2022 (Server Core installation) versions antérieures à 10.0.20348.2655
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 6.3.9600.22074
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes x64 versions antérieures à 10.0.19045.4529
Microsoft	N/A	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20751
Microsoft	N/A	Windows Server 2012 versions antérieures à 6.2.9200.24919
Microsoft	N/A	Windows 10 Version 1607 pour systèmes 32 bits versions antérieures à 10.0.14393.7259
Microsoft	N/A	Windows 10 Version 1607 pour systèmes x64 versions antérieures à 10.0.14393.7259
Microsoft	N/A	Windows 10 pour systèmes x64 versions antérieures à 10.0.10240.20710
Microsoft	N/A	Windows 10 Version 1809 pour systèmes ARM64 versions antérieures à 10.0.17763.6189
Microsoft	N/A	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20751
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.3880
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19041.3920
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes 32 bits versions antérieures à 10.0.19044.4780
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes x64 versions antérieures à 10.0.19044.4529
Microsoft	N/A	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6054
Microsoft	N/A	Windows 11 Version 22H2 pour systèmes x64 versions antérieures à 10.0.22621.3737
Microsoft	N/A	Windows Server 2012 (Server Core installation) versions antérieures à 6.2.9200.24919
Microsoft	N/A	Windows Server 2022, 23H2 Edition (Server Core installation) versions antérieures à 10.0.25398.1085
Microsoft	N/A	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6189
Microsoft	N/A	Windows 10 pour systèmes 32 bits versions antérieures à 10.0.10240.20680
Microsoft	N/A	Windows 10 Version 22H2 pour systèmes 32 bits versions antérieures à 10.0.19045.4529
Microsoft	N/A	Windows Server 2016 versions antérieures à 10.0.14393.7070
Microsoft	N/A	Windows Server 2016 (Server Core installation) versions antérieures à 10.0.14393.7070
Microsoft	N/A	Windows Server 2012 R2 (Server Core installation) versions antérieures à 1.001
Microsoft	N/A	Windows 10 Version 21H2 pour systèmes ARM64 versions antérieures à 10.0.19044.4780
Microsoft	N/A	Windows Server 2019 (Server Core installation) versions antérieures à 10.0.17763.6054
Microsoft	N/A	Windows 10 Version 1809 pour systèmes 32 bits versions antérieures à 10.0.17763.6189
Microsoft	N/A	Windows 11 Version 23H2 pour systèmes x64 versions antérieures à 10.0.22631.3737
Microsoft	N/A	Remote Desktop client pour Windows Desktop versions antérieures à 1.2.5560.0
Microsoft	N/A	Windows Server 2019 versions antérieures à 10.0.17763.5936

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Windows CVE-2024-38223	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38134	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38120	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-29995	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38161	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38136	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38131	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38153	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2022-3775	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38125	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38141	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38186	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2023-40547	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38185	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38063	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38135	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38128	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38151	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38133	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38147	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38121	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38142	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38214	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38145	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38122	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38187	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38178	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38184	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38199	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2022-2601	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38213	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38106	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38215	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38114	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38140	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38130	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38138	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38115	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38165	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38150	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38152	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38155	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-37968	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38198	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38127	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38180	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38123	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38118	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38132	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38160	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38148	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38137	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38144	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38159	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38107	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38117	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38154	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38116	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38193	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38143	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38126	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38146	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38196	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38191	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Windows CVE-2024-38163	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22769",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.26100.1457",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.24975",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22023",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.2710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27219",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 (Server Core installation) versions ant\u00e9rieures \u00e0 6.1.7601.27277",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7259",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22825",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3147",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.4037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22074",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27277",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.950",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.25031",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3737",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2582",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.3880",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.5936",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7070",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7159",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 1.001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7070",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.4037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7159",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3147",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7159",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22769",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2522",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22023",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19041.3920",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.20348.2655",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20680",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 versions ant\u00e9rieures \u00e0 10.0.22000.2710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22825",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2582",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.3880",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22621.3737",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2522",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22769",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22134",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes x64 Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22825",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 versions ant\u00e9rieures \u00e0 6.3.9600.22134",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.0.6003.22769",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19041.3920",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 24H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.26100.1457",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19045.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7259",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 pour syst\u00e8mes 32 bits Service Pack 2 versions ant\u00e9rieures \u00e0 6.0.6003.22825",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.25031",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.22631.4037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19041.3920",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.3880",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3079",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.4037",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.17763.6054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.24975",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes ARM64 ant\u00e9rieures \u00e0 10.0.22000.3079",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2008 R2 pour syst\u00e8mes x64 Service Pack 1 versions ant\u00e9rieures \u00e0 6.1.7601.27219",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.5936",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 version 21H2 pour syst\u00e8mes x64 ant\u00e9rieures \u00e0 10.0.22000.3019",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1009",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4651",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.20348.2655",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 6.3.9600.22074",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19045.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20751",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 versions ant\u00e9rieures \u00e0 6.2.9200.24919",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.14393.7259",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1607 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.14393.7259",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.10240.20710",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.17763.6189",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20751",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3880",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19041.3920",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19044.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.19044.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 22H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22621.3737",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 (Server Core installation) versions ant\u00e9rieures \u00e0 6.2.9200.24919",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2022, 23H2 Edition (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.25398.1085",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6189",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.10240.20680",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 22H2 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.19045.4529",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 versions ant\u00e9rieures \u00e0 10.0.14393.7070",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.14393.7070",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2 (Server Core installation) versions ant\u00e9rieures \u00e0 1.001",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 21H2 pour syst\u00e8mes ARM64 versions ant\u00e9rieures \u00e0 10.0.19044.4780",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 (Server Core installation) versions ant\u00e9rieures \u00e0 10.0.17763.6054",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10 Version 1809 pour syst\u00e8mes 32 bits versions ant\u00e9rieures \u00e0 10.0.17763.6189",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 11 Version 23H2 pour syst\u00e8mes x64 versions ant\u00e9rieures \u00e0 10.0.22631.3737",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Remote Desktop client pour Windows Desktop versions ant\u00e9rieures \u00e0 1.2.5560.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2019 versions ant\u00e9rieures \u00e0 10.0.17763.5936",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38147"
    },
    {
      "name": "CVE-2024-38126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38126"
    },
    {
      "name": "CVE-2024-38136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38136"
    },
    {
      "name": "CVE-2024-38215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38215"
    },
    {
      "name": "CVE-2024-38123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38123"
    },
    {
      "name": "CVE-2024-38185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38185"
    },
    {
      "name": "CVE-2024-38163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38163"
    },
    {
      "name": "CVE-2024-38132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38132"
    },
    {
      "name": "CVE-2024-38213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38213"
    },
    {
      "name": "CVE-2024-38114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38114"
    },
    {
      "name": "CVE-2024-38154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38154"
    },
    {
      "name": "CVE-2024-38160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38160"
    },
    {
      "name": "CVE-2024-38142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38142"
    },
    {
      "name": "CVE-2022-2601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
    },
    {
      "name": "CVE-2024-38187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38187"
    },
    {
      "name": "CVE-2024-38138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38138"
    },
    {
      "name": "CVE-2024-38115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38115"
    },
    {
      "name": "CVE-2024-38122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38122"
    },
    {
      "name": "CVE-2024-38191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38191"
    },
    {
      "name": "CVE-2024-38184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38184"
    },
    {
      "name": "CVE-2024-38145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38145"
    },
    {
      "name": "CVE-2024-38198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38198"
    },
    {
      "name": "CVE-2024-38121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38121"
    },
    {
      "name": "CVE-2024-38106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38106"
    },
    {
      "name": "CVE-2024-38148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38148"
    },
    {
      "name": "CVE-2024-38161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38161"
    },
    {
      "name": "CVE-2024-38063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38063"
    },
    {
      "name": "CVE-2024-38120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38120"
    },
    {
      "name": "CVE-2024-38153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38153"
    },
    {
      "name": "CVE-2024-38127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38127"
    },
    {
      "name": "CVE-2024-38223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38223"
    },
    {
      "name": "CVE-2024-38193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38193"
    },
    {
      "name": "CVE-2024-38143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38143"
    },
    {
      "name": "CVE-2024-38141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38141"
    },
    {
      "name": "CVE-2024-38178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38178"
    },
    {
      "name": "CVE-2024-38155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38155"
    },
    {
      "name": "CVE-2024-38214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38214"
    },
    {
      "name": "CVE-2024-38128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38128"
    },
    {
      "name": "CVE-2024-38134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38134"
    },
    {
      "name": "CVE-2024-38118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38118"
    },
    {
      "name": "CVE-2024-38144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38144"
    },
    {
      "name": "CVE-2024-38199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38199"
    },
    {
      "name": "CVE-2024-38186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38186"
    },
    {
      "name": "CVE-2024-38107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38107"
    },
    {
      "name": "CVE-2024-38137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38137"
    },
    {
      "name": "CVE-2024-38135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38135"
    },
    {
      "name": "CVE-2024-38159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38159"
    },
    {
      "name": "CVE-2024-38146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38146"
    },
    {
      "name": "CVE-2024-38196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38196"
    },
    {
      "name": "CVE-2024-38140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38140"
    },
    {
      "name": "CVE-2024-38152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38152"
    },
    {
      "name": "CVE-2024-29995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29995"
    },
    {
      "name": "CVE-2024-38165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38165"
    },
    {
      "name": "CVE-2024-37968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37968"
    },
    {
      "name": "CVE-2024-38150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38150"
    },
    {
      "name": "CVE-2022-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
    },
    {
      "name": "CVE-2024-38125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38125"
    },
    {
      "name": "CVE-2024-38116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38116"
    },
    {
      "name": "CVE-2024-38131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38131"
    },
    {
      "name": "CVE-2024-38180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38180"
    },
    {
      "name": "CVE-2024-38151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38151"
    },
    {
      "name": "CVE-2024-38133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38133"
    },
    {
      "name": "CVE-2024-38130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38130"
    },
    {
      "name": "CVE-2023-40547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40547"
    },
    {
      "name": "CVE-2024-38117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38117"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0681",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Windows. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n\nMicrosoft indique que les vuln\u00e9rabilit\u00e9s CVE-2024-38106, CVE-2024-38107, CVE-2024-38178, CVE-2024-38193 et CVE-2024-38213 sont activement exploit\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38223",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38223"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38134",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38120",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38120"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-29995",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29995"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38161"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38136",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38136"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38131",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38131"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38153",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38153"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2022-3775",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38125",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38125"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38141",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38141"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38186"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2023-40547",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-40547"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38185",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38185"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38063",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38135",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38135"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38128",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38128"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38151",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38151"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38133"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38147",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38147"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38121",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38121"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38142",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38142"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38214",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38214"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38145",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38145"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38122",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38122"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38187",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38187"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38178",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38184",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38184"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38199",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38199"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2022-2601",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38106",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38215"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38114",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38114"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38140",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38140"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38130",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38130"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38138",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38138"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38115",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38115"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38165",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38165"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38150",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38150"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38152",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38152"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38155",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38155"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-37968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37968"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38198",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38198"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38127",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38127"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38180",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38180"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38123",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38123"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38118",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38118"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38132",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38132"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38160",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38160"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38148",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38148"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38137",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38137"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38144",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38144"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38159",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38159"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38107",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38117",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38117"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38154",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38154"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38116",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38116"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38193",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38143",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38143"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38126",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38126"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38146",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38196"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38191",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38191"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Windows CVE-2024-38163",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38163"
    }
  ]
}

CERTFR-2023-AVI-0240

Vulnerability from certfr_avis - Published: 2023-03-17 - Updated: 2023-03-17

De multiples vulnérabilités ont été découvertes dans les produits IBM. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une exécution de code arbitraire à distance, un déni de service à distance, un contournement de la politique de sécurité, une élévation de privilèges et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Sterling	Sterling Global Mailbox versions 6.0.3.x antérieures à 6.0.3.8
IBM	Spectrum	Spectrum Copy Data Management versions 2.2.x antérieures à 2.2.19.0
IBM	Spectrum	Spectrum Protect for Space Management versions 8.1.x antérieures à 8.1.17.2
IBM	Sterling	Sterling B2B Integrator versions 6.1.x antérieures à 6.1.2.1
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.14
IBM	Spectrum	Spectrum Protect Client versions 8.1.x antérieures à 8.1.17.2
IBM	Sterling	Sterling Global Mailbox versions 6.1.2.x antérieures à 6.1.2.2
IBM	Sterling	Sterling B2B Integrator versions 6.0.x antérieures à 6.0.3.8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6963960	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6963958	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6963962	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6963936	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6963956	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6960747	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6956237	2023-03-17	vendor-advisory
Bulletin de sécurité IBM 6960739	2023-03-16	vendor-advisory
Bulletin de sécurité IBM 6963954	2023-03-16	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sterling Global Mailbox versions 6.0.3.x ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Copy Data Management versions 2.2.x ant\u00e9rieures \u00e0 2.2.19.0",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect for Space Management versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.1",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.14",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Client versions 8.1.x ant\u00e9rieures \u00e0 8.1.17.2",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Global Mailbox versions 6.1.2.x ant\u00e9rieures \u00e0 6.1.2.2",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling B2B Integrator versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.8",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-29581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29581"
    },
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2964"
    },
    {
      "name": "CVE-2022-4379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4379"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2020-36557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
    },
    {
      "name": "CVE-2022-2639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2639"
    },
    {
      "name": "CVE-2022-2601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
    },
    {
      "name": "CVE-2022-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0168"
    },
    {
      "name": "CVE-2015-7501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7501"
    },
    {
      "name": "CVE-2022-29244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29244"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2022-46364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
    },
    {
      "name": "CVE-2022-2078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2078"
    },
    {
      "name": "CVE-2022-1184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1184"
    },
    {
      "name": "CVE-2022-2586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2586"
    },
    {
      "name": "CVE-2022-0494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0494"
    },
    {
      "name": "CVE-2021-3807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
    },
    {
      "name": "CVE-2022-46363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46363"
    },
    {
      "name": "CVE-2022-41717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2021-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3640"
    },
    {
      "name": "CVE-2023-21835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
    },
    {
      "name": "CVE-2022-36946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36946"
    },
    {
      "name": "CVE-2022-24448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24448"
    },
    {
      "name": "CVE-2022-1055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1055"
    },
    {
      "name": "CVE-2022-1353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1353"
    },
    {
      "name": "CVE-2022-42436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42436"
    },
    {
      "name": "CVE-2022-28390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28390"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2020-36558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36558"
    }
  ],
  "initial_release_date": "2023-03-17T00:00:00",
  "last_revision_date": "2023-03-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0240",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963960",
      "url": "https://www.ibm.com/support/pages/node/6963960"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963958",
      "url": "https://www.ibm.com/support/pages/node/6963958"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963962",
      "url": "https://www.ibm.com/support/pages/node/6963962"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963936",
      "url": "https://www.ibm.com/support/pages/node/6963936"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963956",
      "url": "https://www.ibm.com/support/pages/node/6963956"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6960747",
      "url": "https://www.ibm.com/support/pages/node/6960747"
    },
    {
      "published_at": "2023-03-17",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6956237",
      "url": "https://www.ibm.com/support/pages/node/6956237"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6960739",
      "url": "https://www.ibm.com/support/pages/node/6960739"
    },
    {
      "published_at": "2023-03-16",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6963954",
      "url": "https://www.ibm.com/support/pages/node/6963954"
    }
  ]
}

CERTFR-2024-AVI-0683

Vulnerability from certfr_avis - Published: 2024-08-14 - Updated: 2024-08-14

De multiples vulnérabilités ont été découvertes dans Microsoft Azure. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Azure CycleCloud 8.4.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure Stack Hub versions antérieures à 1.2311.1.22
Microsoft	N/A	Azure CycleCloud 8.0.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.6.1 versions antérieures à 8.6.3
Microsoft	N/A	Azure Linux 3.0 x64 versions antérieures à 2.06-14
Microsoft	N/A	Azure CycleCloud 8.4.1 versions antérieures à 8.6.3
Microsoft	N/A	Azure Health Bot
Microsoft	N/A	Azure CycleCloud 8.6.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure Linux 3.0 ARM versions antérieures à 2.06-14
Microsoft	N/A	C SDK pour Azure IoT versions antérieures à 1.12.1
Microsoft	N/A	Azure CycleCloud 8.2.2 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.0.2 versions antérieures à 8.6.3
Microsoft	N/A	Azure Connected Machine Agent versions antérieures à 1.44
Microsoft	N/A	Azure IoT Hub Device Client SDK versions antérieures à 1.12.1
Microsoft	N/A	Azure CycleCloud 8.1.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.5.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.3.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.6.2 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.2.0 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.0.1 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.1.1 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.4.2 versions antérieures à 8.6.3
Microsoft	N/A	Azure CycleCloud 8.2.1 versions antérieures à 8.6.3

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Azure CVE-2024-38108	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2022-2601	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38098	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38201	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2022-3775	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38109	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38195	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38162	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38157	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft Azure CVE-2024-38158	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Azure CycleCloud 8.4.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Stack Hub versions ant\u00e9rieures \u00e0 1.2311.1.22",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.0.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.6.1 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Linux 3.0 x64 versions ant\u00e9rieures \u00e0 2.06-14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.4.1 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Health Bot",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.6.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Linux 3.0 ARM versions ant\u00e9rieures \u00e0 2.06-14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "C SDK pour Azure IoT versions ant\u00e9rieures \u00e0 1.12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.2.2 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.0.2 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure Connected Machine Agent versions ant\u00e9rieures \u00e0 1.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure IoT Hub Device Client SDK versions ant\u00e9rieures \u00e0 1.12.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.1.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.5.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.3.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.6.2 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.2.0 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.0.1 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.1.1 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.4.2 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Azure CycleCloud 8.2.1 versions ant\u00e9rieures \u00e0 8.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38108"
    },
    {
      "name": "CVE-2022-2601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
    },
    {
      "name": "CVE-2024-38201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38201"
    },
    {
      "name": "CVE-2024-38098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38098"
    },
    {
      "name": "CVE-2024-38158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38158"
    },
    {
      "name": "CVE-2024-38195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38195"
    },
    {
      "name": "CVE-2024-38162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38162"
    },
    {
      "name": "CVE-2022-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
    },
    {
      "name": "CVE-2024-38109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38109"
    },
    {
      "name": "CVE-2024-38157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38157"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0683",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38108",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38108"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2022-2601",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38098",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38098"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38201",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38201"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2022-3775",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38109",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38109"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38195",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38195"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38162",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38162"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38157",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38157"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Azure CVE-2024-38158",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38158"
    }
  ]
}

CERTFR-2024-AVI-0684

Vulnerability from certfr_avis - Published: 2024-08-14 - Updated: 2024-08-14

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	CBL Mariner 1.0 ARM versions antérieures à 2.06~rc1-10
Microsoft	N/A	CBL Mariner 2.0 x64 versions antérieures à 2.06-10
Microsoft	N/A	CBL Mariner 2.0 ARM versions antérieures à 2.06-10
Microsoft	N/A	CBL Mariner 1.0 ARM versions antérieures à 2.06~rc1-9
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.6 antérieures à 17.6.18
Microsoft	N/A	CBL Mariner 1.0 x64 versions antérieures à 2.06~rc1-9
Microsoft	N/A	CBL Mariner 2.0 x64 versions antérieures à 2.06-8
Microsoft	N/A	CBL Mariner 2.0 ARM versions antérieures à 2.06-8
Microsoft	N/A	Microsoft Teams pour iOS versions antérieures à 7.13.0
Microsoft	N/A	CBL Mariner 1.0 x64 versions antérieures à 2.06~rc1-10
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.10 antérieures à 17.10.6
Microsoft	N/A	Microsoft Visual Studio 2022 version 17.8 antérieures à 17.8.13
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 9.1 antérieures à 1.31
Microsoft	N/A	App Installer versions antérieures à 1.22.11261.0

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2022-3775	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38177	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38167	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-2601	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38168	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38211	2024-08-13	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-38197	2024-08-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CBL Mariner 1.0 ARM versions ant\u00e9rieures \u00e0 2.06~rc1-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 x64 versions ant\u00e9rieures \u00e0 2.06-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 ARM versions ant\u00e9rieures \u00e0 2.06-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 1.0 ARM versions ant\u00e9rieures \u00e0 2.06~rc1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.6 ant\u00e9rieures \u00e0 17.6.18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 1.0 x64 versions ant\u00e9rieures \u00e0 2.06~rc1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 x64 versions ant\u00e9rieures \u00e0 2.06-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 2.0 ARM versions ant\u00e9rieures \u00e0 2.06-8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Teams pour iOS versions ant\u00e9rieures \u00e0 7.13.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "CBL Mariner 1.0 x64 versions ant\u00e9rieures \u00e0 2.06~rc1-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.10 ant\u00e9rieures \u00e0 17.10.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2022 version 17.8 ant\u00e9rieures \u00e0 17.8.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 9.1 ant\u00e9rieures \u00e0 1.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "App Installer versions ant\u00e9rieures \u00e0 1.22.11261.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38167"
    },
    {
      "name": "CVE-2024-38211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38211"
    },
    {
      "name": "CVE-2024-38197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38197"
    },
    {
      "name": "CVE-2022-2601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2601"
    },
    {
      "name": "CVE-2024-38177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38177"
    },
    {
      "name": "CVE-2024-38168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38168"
    },
    {
      "name": "CVE-2022-3775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3775"
    }
  ],
  "initial_release_date": "2024-08-14T00:00:00",
  "last_revision_date": "2024-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0684",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-3775",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3775"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38177"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38167",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38167"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-2601",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-2601"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38168",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38168"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38211",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38211"
    },
    {
      "published_at": "2024-08-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-38197",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38197"
    }
  ]
}

FKIE_CVE-2022-2601

Vulnerability from fkie_nvd - Published: 2022-12-14 21:15 - Updated: 2024-11-21 07:01

Severity ?

8.6 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0	Issue Tracking, Third Party Advisory
secalert@redhat.com	https://security.gentoo.org/glsa/202311-14
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20230203-0004/
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0	Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202311-14
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20230203-0004/

Impacted products

Vendor	Product	Version
gnu	grub2	*
fedoraproject	fedora	37
redhat	enterprise_linux_eus	9.0
redhat	enterprise_linux_for_power_little_endian_eus	9.0
redhat	enterprise_linux_server_aus	8.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.1
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions	9.0
redhat	enterprise_linux_server_tus	8.2
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.1
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.2
redhat	enterprise_linux_server_update_services_for_sap_solutions	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E48B3B4-3F7F-4169-ABC8-448AA351276E",
              "versionEndIncluding": "2.06",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868A6ED7-44DD-44FF-8ADD-9971298A1175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DF2B9A2-8CA6-4EDF-9975-07265E363ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6A5AF-2EBE-4ED9-B312-DCD9D150D031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "492DF629-16B8-4882-822D-A6897B03DD30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A81A1-63EC-431C-9CBC-8D28C15AB3E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un desbordamiento del b\u00fafer en grub_font_construct_glyph(). Una fuente pf2 manipulada maliciosamente puede provocar un desbordamiento al calcular el valor max_glyph_size, asignando un b\u00fafer m\u00e1s peque\u00f1o de lo necesario para el glifo, lo que adem\u00e1s provoca un desbordamiento del b\u00fafer y una escritura fuera de los l\u00edmites basada en el heap. Un atacante puede utilizar esta vulnerabilidad para eludir el mecanismo de arranque seguro."
    }
  ],
  "id": "CVE-2022-2601",
  "lastModified": "2024-11-21T07:01:19.873",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-12-14T21:15:10.190",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/202311-14"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202311-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

GSD-2022-2601

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-2601

Aliases

CVE-2022-2601

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-2601",
    "description": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.",
    "id": "GSD-2022-2601",
    "references": [
      "https://www.debian.org/security/2022/dsa-5280",
      "https://access.redhat.com/errata/RHSA-2022:8494",
      "https://access.redhat.com/errata/RHSA-2022:8800",
      "https://access.redhat.com/errata/RHSA-2022:8978",
      "https://access.redhat.com/errata/RHSA-2023:0047",
      "https://access.redhat.com/errata/RHSA-2023:0048",
      "https://access.redhat.com/errata/RHSA-2023:0049",
      "https://www.suse.com/security/cve/CVE-2022-2601.html",
      "https://access.redhat.com/errata/RHSA-2023:0752"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-2601"
      ],
      "details": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.",
      "id": "GSD-2022-2601",
      "modified": "2023-12-13T01:19:20.189496Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2022-2601",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "grub2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "grub2 2.06 and lower"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-122-\u003eCWE-787"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20230203-0004/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
          },
          {
            "name": "GLSA-202311-14",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202311-14"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:grub2:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.06",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2022-2601"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20230203-0004/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20230203-0004/"
            },
            {
              "name": "GLSA-202311-14",
              "refsource": "",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202311-14"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2023-11-25T12:15Z",
      "publishedDate": "2022-12-14T21:15Z"
    }
  }
}

GHSA-C8F6-X9XM-X27G

Vulnerability from github – Published: 2022-12-14 21:30 – Updated: 2022-12-16 21:30

Details

Severity ?

8.6 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2022-2601"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-12-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.",
  "id": "GHSA-c8f6-x9xm-x27g",
  "modified": "2022-12-16T21:30:43Z",
  "published": "2022-12-14T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2601"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2112975#c0"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202311-14"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20230203-0004"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-2601 (GCVE-0-2022-2601)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solution

Solutions

Solution

Solutions

Solutions

Tags

Sightings

Nomenclature