Vulnerability-Lookup

CVE-2021-20271 (GCVE-0-2021-20271)

Vulnerability from cvelistv5 – Published: 2021-03-26 00:00 – Updated: 2024-08-03 17:37

Summary

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Severity

No CVSS data available.

CWE

CWE-345

Assigner

redhat

References

7 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1934125
https://github.com/rpm-software-management/rpm/co…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://security.gentoo.org/glsa/202107-43	vendor-advisory
https://www.starwindsoftware.com/security/sw-2022…

Impacted products

1 product

Vendor	Product	Version
n/a	rpm	Affected: all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
          },
          {
            "name": "FEDORA-2021-2383d950fd",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
          },
          {
            "name": "FEDORA-2021-8d52a8a999",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
          },
          {
            "name": "FEDORA-2021-662680e477",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
          },
          {
            "name": "GLSA-202107-43",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202107-43"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "rpm",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-11T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
        },
        {
          "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
        },
        {
          "name": "FEDORA-2021-2383d950fd",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
        },
        {
          "name": "FEDORA-2021-8d52a8a999",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
        },
        {
          "name": "FEDORA-2021-662680e477",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
        },
        {
          "name": "GLSA-202107-43",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202107-43"
        },
        {
          "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20271",
    "datePublished": "2021-03-26T00:00:00.000Z",
    "dateReserved": "2020-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:37:23.716Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-20271",
      "date": "2026-05-28",
      "epss": "0.00228",
      "percentile": "0.45595"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-20271\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-03-26T17:15:13.000\",\"lastModified\":\"2024-11-21T05:46:15.240\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un fallo en la funcionalidad de comprobaci\u00f3n de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un atacante que pueda convencer a una v\u00edctima de instalar un paquete aparentemente verificable, cuyo encabezado de firma fue modificado, causar una corrupci\u00f3n de la base de datos de RPM y ejecutar c\u00f3digo. La mayor amenaza de esta vulnerabilidad es la integridad de los datos, la confidencialidad y la disponibilidad del sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-345\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.0\",\"versionEndExcluding\":\"4.15.1.3\",\"matchCriteriaId\":\"5017E785-D9A4-40BE-ADD8-4421BB138131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.16.0\",\"versionEndExcluding\":\"4.16.1.3\",\"matchCriteriaId\":\"F22989FC-E9C0-4189-BDFE-69346C3F8495\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E77F834-98D9-45CA-A442-97362CEAB09C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"40503D12-35BC-4515-A293-F39A37B23A38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"19299515-DF82-48A3-BA65-0DE705E75CA5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*\",\"matchCriteriaId\":\"0565E985-6BD3-45E1-928C-B67E18B7B56E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"96BDFF27-D2ED-48F9-91FB-377D1244A0A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA51C420-EFCB-4068-A981-E99722C5FAD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"653B69E5-0E47-49EF-AD3D-218C86252E7C\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*\",\"matchCriteriaId\":\"2561CD5F-82A9-464E-B571-44634187B497\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1934125\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202107-43\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.starwindsoftware.com/security/sw-20220805-0002/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1934125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202107-43\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.starwindsoftware.com/security/sw-20220805-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

BDU:2022-00716

Vulnerability from fstec - Published: 26.03.2021

Title

Уязвимость функции проверки электронной подписи менеджера RPM-пакетов RPM (RPM Package Manager), позволяющая нарушителю нарушить конфиденциальность, целостность и доступность данных

Description

Уязвимость функции check программного обеспечения rpm rpm связана с недостаточной проверкой подлинности данных. Эксплуатация уязвимости может позволить нарушителю нарушить конфиденциальность, целостность и доступность данных

Severity


                    
                      AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Сообщество свободного программного обеспечения, Fedora Project, Novell Inc., ООО «РусБИТех-Астра», АО "НППКТ"

Software Name

Red Hat Enterprise Linux, Debian GNU/Linux, Fedora, OpenSUSE Leap, Astra Linux Special Edition (запись в едином реестре российских программ №369), RPM, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 32 (Fedora), 15.2 (OpenSUSE Leap), 33 (Fedora), 8.2 Extended Update Support (Red Hat Enterprise Linux), 34 (Fedora), 15.3 (OpenSUSE Leap), 7.6 Telco Extended Update Support (Red Hat Enterprise Linux), 7.6 Advanced Update Support (Red Hat Enterprise Linux), 7.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.7 Advanced Update Support (Red Hat Enterprise Linux), 7.7 Telco Extended Update Support (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), от 4.15.0 до 4.15.1.3 (RPM), 4.15.0 alpha (RPM), 4.15.0 beta1 (RPM), 4.15.0 rc1 (RPM), от 4.16.0 до 4.16.1.3 (RPM), 4.16.0 alpha (RPM), 4.16.0 beta2 (RPM), 4.16.0 beta3 (RPM), 4.16.0 rc1 (RPM), 4.7 (Astra Linux Special Edition), до 2.5 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 https://bugzilla.redhat.com/show_bug.cgi?id=1934125 Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2021-20271 Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20271.xml Для Fedora: https://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org&q=CVE-2021-20271 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2021-20271 Для ОСОН Основа: Обновление программного обеспечения rpm до версии 4.16.1.2+dfsg1-3 Для Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD Для Astra Linux Special Edition для архитектуры ARM для 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD

Reference

https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21 https://bugzilla.redhat.com/show_bug.cgi?id=1934125 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/ https://security.gentoo.org/glsa/202107-43 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.5/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD

CWE

CWE-345

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Fedora Project, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 9 (Debian GNU/Linux), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 32 (Fedora), 15.2 (OpenSUSE Leap), 33 (Fedora), 8.2 Extended Update Support (Red Hat Enterprise Linux), 34 (Fedora), 15.3 (OpenSUSE Leap), 7.6 Telco Extended Update Support (Red Hat Enterprise Linux), 7.6 Advanced Update Support (Red Hat Enterprise Linux), 7.6 Update Services for SAP Solutions (Red Hat Enterprise Linux), 7.7 Advanced Update Support (Red Hat Enterprise Linux), 7.7 Telco Extended Update Support (Red Hat Enterprise Linux), 11 (Debian GNU/Linux), 1.7 (Astra Linux Special Edition), \u043e\u0442 4.15.0 \u0434\u043e 4.15.1.3 (RPM), 4.15.0 alpha (RPM), 4.15.0 beta1 (RPM), 4.15.0 rc1 (RPM), \u043e\u0442 4.16.0 \u0434\u043e 4.16.1.3 (RPM), 4.16.0 alpha (RPM), 4.16.0 beta2 (RPM), 4.16.0 beta3 (RPM), 4.16.0 rc1 (RPM), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.5 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1934125\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2021-20271\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20271.xml\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/search?mlist=package-announce%40lists.fedoraproject.org\u0026q=CVE-2021-20271\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-20271\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f rpm \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 4.16.1.2+dfsg1-3\n\n\u0414\u043b\u044f Astra Linux Special Edition 1.7: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD\n\n\u0414\u043b\u044f Astra Linux Special Edition \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM \u0434\u043b\u044f 4.7: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "26.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "04.04.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "10.02.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-00716",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-20271",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Debian GNU/Linux, Fedora, OpenSUSE Leap, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), RPM, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 IA-32, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 32 , Novell Inc. OpenSUSE Leap 15.2 , Fedora Project Fedora 33 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , Fedora Project Fedora 34 , Novell Inc. OpenSUSE Leap 15.3 , Red Hat Inc. Red Hat Enterprise Linux 7.6 Telco Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.6 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 7.7 Advanced Update Support , Red Hat Inc. Red Hat Enterprise Linux 7.7 Telco Extended Update Support , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043c\u0435\u043d\u0435\u0434\u0436\u0435\u0440\u0430 RPM-\u043f\u0430\u043a\u0435\u0442\u043e\u0432 RPM (RPM Package Manager), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-345)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 check \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f rpm rpm \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0441\u0442\u044c, \u0446\u0435\u043b\u043e\u0441\u0442\u043d\u043e\u0441\u0442\u044c \u0438 \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0441\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041f\u043e\u0434\u043c\u0435\u043d\u0430 \u043f\u0440\u0438 \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1934125\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/\nhttps://security.gentoo.org/glsa/202107-43\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.5/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0303SE17MD\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0316SE47MD",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-345",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,1)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

CERTFR-2021-AVI-791

Vulnerability from certfr_avis - Published: 2021-10-15 - Updated: 2021-10-15

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP3
IBM	N/A	CP4S versions 1.7.0 à 1.7.2 antérieures à 1.8.0.0
IBM	Cognos Analytics	IBM Cognos Analytics versions 11.2.x antérieures à 11.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 6491661 du 14 octobre 2021	None	vendor-advisory
Bulletin de sécurité IBM 6493729 du 14 octobre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "CP4S versions 1.7.0 \u00e0 1.7.2 ant\u00e9rieures \u00e0 1.8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.1",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2020-8315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8315"
    },
    {
      "name": "CVE-2021-25215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25215"
    },
    {
      "name": "CVE-2020-24977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24977"
    },
    {
      "name": "CVE-2020-13543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13543"
    },
    {
      "name": "CVE-2021-23364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23364"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2021-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
    },
    {
      "name": "CVE-2021-23336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23336"
    },
    {
      "name": "CVE-2021-2163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
    },
    {
      "name": "CVE-2021-3537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3537"
    },
    {
      "name": "CVE-2021-27290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-20271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
    },
    {
      "name": "CVE-2021-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
    },
    {
      "name": "CVE-2017-12620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12620"
    },
    {
      "name": "CVE-2021-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
    },
    {
      "name": "CVE-2020-8622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8622"
    },
    {
      "name": "CVE-2020-29362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29362"
    },
    {
      "name": "CVE-2020-9983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9983"
    },
    {
      "name": "CVE-2021-1820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
    },
    {
      "name": "CVE-2018-25011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25011"
    },
    {
      "name": "CVE-2020-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2020-9951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9951"
    },
    {
      "name": "CVE-2021-3421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3421"
    },
    {
      "name": "CVE-2021-20305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20305"
    },
    {
      "name": "CVE-2021-22918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
    },
    {
      "name": "CVE-2021-20578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20578"
    },
    {
      "name": "CVE-2020-8177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8177"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
    },
    {
      "name": "CVE-2021-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-2708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2708"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2019-13012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13012"
    },
    {
      "name": "CVE-2021-29679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29679"
    },
    {
      "name": "CVE-2020-25648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25648"
    },
    {
      "name": "CVE-2021-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
    },
    {
      "name": "CVE-2020-8624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8624"
    },
    {
      "name": "CVE-2021-33910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
    },
    {
      "name": "CVE-2020-8284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8284"
    },
    {
      "name": "CVE-2020-14362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14362"
    },
    {
      "name": "CVE-2021-3516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
    },
    {
      "name": "CVE-2019-3842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3842"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2021-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
    },
    {
      "name": "CVE-2020-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
    },
    {
      "name": "CVE-2017-14502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14502"
    },
    {
      "name": "CVE-2020-29361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29361"
    },
    {
      "name": "CVE-2021-1817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
    },
    {
      "name": "CVE-2021-3520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2021-2369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
    },
    {
      "name": "CVE-2020-14347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14347"
    },
    {
      "name": "CVE-2020-14360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14360"
    },
    {
      "name": "CVE-2021-1825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
    },
    {
      "name": "CVE-2020-13776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13776"
    },
    {
      "name": "CVE-2020-14346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14346"
    },
    {
      "name": "CVE-2020-14361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14361"
    },
    {
      "name": "CVE-2020-10543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10543"
    },
    {
      "name": "CVE-2021-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
    },
    {
      "name": "CVE-2020-8927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
    },
    {
      "name": "CVE-2020-29363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29363"
    },
    {
      "name": "CVE-2021-3609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3609"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2020-13584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13584"
    },
    {
      "name": "CVE-2020-36328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36328"
    },
    {
      "name": "CVE-2020-27619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2019-9169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
    },
    {
      "name": "CVE-2020-29573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
    },
    {
      "name": "CVE-2020-4951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-4951"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2020-8231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8231"
    },
    {
      "name": "CVE-2016-10228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10228"
    },
    {
      "name": "CVE-2020-28196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
    },
    {
      "name": "CVE-2021-22555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
    },
    {
      "name": "CVE-2020-26137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
    },
    {
      "name": "CVE-2021-25214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25214"
    },
    {
      "name": "CVE-2021-27218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27218"
    },
    {
      "name": "CVE-2020-13933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13933"
    },
    {
      "name": "CVE-2020-14344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14344"
    },
    {
      "name": "CVE-2021-3541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3541"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2021-3326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
    },
    {
      "name": "CVE-2020-24332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24332"
    },
    {
      "name": "CVE-2020-25712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25712"
    },
    {
      "name": "CVE-2021-29745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29745"
    },
    {
      "name": "CVE-2020-24330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24330"
    },
    {
      "name": "CVE-2020-36329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36329"
    },
    {
      "name": "CVE-2021-29894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29894"
    },
    {
      "name": "CVE-2020-9948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9948"
    },
    {
      "name": "CVE-2020-27618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27618"
    },
    {
      "name": "CVE-2021-23362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23362"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2021-3518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
    },
    {
      "name": "CVE-2020-24331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24331"
    },
    {
      "name": "CVE-2020-14345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14345"
    },
    {
      "name": "CVE-2020-25692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25692"
    },
    {
      "name": "CVE-2020-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8625"
    }
  ],
  "initial_release_date": "2021-10-15T00:00:00",
  "last_revision_date": "2021-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-791",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6491661 du 14 octobre 2021",
      "url": "https://www.ibm.com/support/pages/node/6491661"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 6493729 du 14 octobre 2021",
      "url": "https://www.ibm.com/support/pages/node/6493729"
    }
  ]
}

CERTFR-2022-AVI-650

Vulnerability from certfr_avis - Published: 2022-07-15 - Updated: 2022-07-15

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2
Juniper Networks	Junos OS	Junos OS versions 21.1.x antérieures à 21.1R3-S1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO
Juniper Networks	Junos OS	Junos OS versions 18.3.x antérieures à 18.3R3-S6
Juniper Networks	Junos OS	Junos OS versions 17.3.x antérieures à 17.3R3-S12
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3
Juniper Networks	Junos OS	Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.1R1
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2
Juniper Networks	Junos OS	Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	N/A	Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1
Juniper Networks	Junos OS	Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8
Juniper Networks	Junos OS	Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions supérieures à 20.1R1
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS	Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8
Juniper Networks	Junos OS	Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3
Juniper Networks	Junos OS	Junos OS versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1
Juniper Networks	Junos OS	Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à 21.4.0
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8
Juniper Networks	N/A	Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8
Juniper Networks	Junos OS	Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9
Juniper Networks	Junos OS	Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2
Juniper Networks	Junos OS	Junos OS versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3
Juniper Networks	Junos OS	Junos OS versions 15.1.x antérieures à 15.1R7-S10
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S3-EVO
Juniper Networks	Junos OS	Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S21
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8
Juniper Networks	Junos OS	Junos OS versions 20.1.x antérieures à 20.1R3-S4
Juniper Networks	N/A	Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9
Juniper Networks	Junos OS	Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3
Juniper Networks	Junos OS	Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2
Juniper Networks	Junos OS	Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2
Juniper Networks	Junos OS	Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3
Juniper Networks	Junos OS	Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA69723 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69722 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69713 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69710 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69717 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69707 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69714 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69718 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69726 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69711 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69715 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69708 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69716 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69719 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69703 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69721 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69720 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69725 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69705 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69709 du 13 juillet 2022	None	vendor-advisory
Bulletin de sécurité Juniper JSA69706 du 13 juillet 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2003-0001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
    },
    {
      "name": "CVE-2015-2716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
    },
    {
      "name": "CVE-2015-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
    },
    {
      "name": "CVE-2013-7422",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
    },
    {
      "name": "CVE-2015-7705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
    },
    {
      "name": "CVE-2015-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2016-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2016-8618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
    },
    {
      "name": "CVE-2016-8622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
    },
    {
      "name": "CVE-2016-8619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
    },
    {
      "name": "CVE-2016-5180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
    },
    {
      "name": "CVE-2016-9538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
    },
    {
      "name": "CVE-2016-9539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
    },
    {
      "name": "CVE-2017-0553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-1000368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
    },
    {
      "name": "CVE-2017-10989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2017-15412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
    },
    {
      "name": "CVE-2017-8817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2019-9518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
    },
    {
      "name": "CVE-2018-14721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
    },
    {
      "name": "CVE-2019-8457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
    },
    {
      "name": "CVE-2019-1354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
    },
    {
      "name": "CVE-2019-1352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
    },
    {
      "name": "CVE-2019-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
    },
    {
      "name": "CVE-2019-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
    },
    {
      "name": "CVE-2019-1350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2020-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
    },
    {
      "name": "CVE-2020-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
    },
    {
      "name": "CVE-2020-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
    },
    {
      "name": "CVE-2020-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
    },
    {
      "name": "CVE-2020-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
    },
    {
      "name": "CVE-2020-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
    },
    {
      "name": "CVE-2020-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
    },
    {
      "name": "CVE-2020-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
    },
    {
      "name": "CVE-2020-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
    },
    {
      "name": "CVE-2020-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
    },
    {
      "name": "CVE-2020-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
    },
    {
      "name": "CVE-2020-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2017-14867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2020-14579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
    },
    {
      "name": "CVE-2020-14577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
    },
    {
      "name": "CVE-2020-14578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
    },
    {
      "name": "CVE-2020-14621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
    },
    {
      "name": "CVE-2020-14583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
    },
    {
      "name": "CVE-2020-14593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
    },
    {
      "name": "CVE-2020-14556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
    },
    {
      "name": "CVE-2020-11656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
    },
    {
      "name": "CVE-2020-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
    },
    {
      "name": "CVE-2020-15999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2020-25696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
    },
    {
      "name": "CVE-2020-13631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
    },
    {
      "name": "CVE-2020-13435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
    },
    {
      "name": "CVE-2020-13434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2020-13630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
    },
    {
      "name": "CVE-2020-25704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-23839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2019-25013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
    },
    {
      "name": "CVE-2021-28950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
    },
    {
      "name": "CVE-2020-36322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
    },
    {
      "name": "CVE-2021-23017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
    },
    {
      "name": "CVE-2020-36385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
    },
    {
      "name": "CVE-2020-10878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
    },
    {
      "name": "CVE-2020-13632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
    },
    {
      "name": "CVE-2020-11655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
    },
    {
      "name": "CVE-2020-29573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
    },
    {
      "name": "CVE-2020-10029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2020-12049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
    },
    {
      "name": "CVE-2020-14363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
    },
    {
      "name": "CVE-2019-18276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
    },
    {
      "name": "CVE-2021-3520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
    },
    {
      "name": "CVE-2019-9169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
    },
    {
      "name": "CVE-2021-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
    },
    {
      "name": "CVE-2021-20271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
    },
    {
      "name": "CVE-2020-27619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
    },
    {
      "name": "CVE-2020-8492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
    },
    {
      "name": "CVE-2021-20227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2021-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
    },
    {
      "name": "CVE-2020-13871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
    },
    {
      "name": "CVE-2020-25717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
    },
    {
      "name": "CVE-2016-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
    },
    {
      "name": "CVE-2021-42739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
    },
    {
      "name": "CVE-2019-9924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2022-21304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
    },
    {
      "name": "CVE-2022-21245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
    },
    {
      "name": "CVE-2022-21344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
    },
    {
      "name": "CVE-2022-21270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
    },
    {
      "name": "CVE-2022-21367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
    },
    {
      "name": "CVE-2022-21303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
    },
    {
      "name": "CVE-2020-9327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
    },
    {
      "name": "CVE-2021-41617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2014-6272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
    },
    {
      "name": "CVE-2015-6525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
    },
    {
      "name": "CVE-2018-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
    },
    {
      "name": "CVE-2017-1000158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
    },
    {
      "name": "CVE-2020-14343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
    },
    {
      "name": "CVE-2018-1000654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
    },
    {
      "name": "CVE-2014-9471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2017-12562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
    },
    {
      "name": "CVE-2018-14567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
    },
    {
      "name": "CVE-2022-22217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
    },
    {
      "name": "CVE-2016-4484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
    },
    {
      "name": "CVE-2015-4042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
    },
    {
      "name": "CVE-2016-7943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
    },
    {
      "name": "CVE-2016-6318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
    },
    {
      "name": "CVE-2017-7500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
    },
    {
      "name": "CVE-2016-7942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
    },
    {
      "name": "CVE-2017-9117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
    },
    {
      "name": "CVE-2022-22203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
    },
    {
      "name": "CVE-2015-5228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
    },
    {
      "name": "CVE-2021-42574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
    },
    {
      "name": "CVE-2022-22216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
    },
    {
      "name": "CVE-2015-7805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
    },
    {
      "name": "CVE-2017-8779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
    },
    {
      "name": "CVE-2022-22206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
    },
    {
      "name": "CVE-2016-7947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
    },
    {
      "name": "CVE-2016-7951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
    },
    {
      "name": "CVE-2018-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
    },
    {
      "name": "CVE-2018-6954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
    },
    {
      "name": "CVE-2014-9488",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
    },
    {
      "name": "CVE-2018-14720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
    },
    {
      "name": "CVE-2017-15994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
    },
    {
      "name": "CVE-2022-22209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
    },
    {
      "name": "CVE-2015-8540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
    },
    {
      "name": "CVE-2016-7950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
    },
    {
      "name": "CVE-2017-14930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
    },
    {
      "name": "CVE-2017-8105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
    },
    {
      "name": "CVE-2016-7949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
    },
    {
      "name": "CVE-2017-5225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
    },
    {
      "name": "CVE-2016-1951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
    },
    {
      "name": "CVE-2017-8871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2022-22215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
    },
    {
      "name": "CVE-2015-7036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
    },
    {
      "name": "CVE-2016-2779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
    },
    {
      "name": "CVE-2022-22213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
    },
    {
      "name": "CVE-2016-10195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
    },
    {
      "name": "CVE-2014-5044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
    },
    {
      "name": "CVE-2016-7944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
    },
    {
      "name": "CVE-2014-9114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
    },
    {
      "name": "CVE-2014-9474",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
    },
    {
      "name": "CVE-2015-2059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
    },
    {
      "name": "CVE-2022-22207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
    },
    {
      "name": "CVE-2022-22205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
    },
    {
      "name": "CVE-2022-22204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
    },
    {
      "name": "CVE-2017-5929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
    },
    {
      "name": "CVE-2018-19361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
    },
    {
      "name": "CVE-2017-10685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
    },
    {
      "name": "CVE-2021-33574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
    },
    {
      "name": "CVE-2015-8947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
    },
    {
      "name": "CVE-2019-9893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
    },
    {
      "name": "CVE-2016-1238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
    },
    {
      "name": "CVE-2016-7948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
    },
    {
      "name": "CVE-2014-9746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2016-2052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
    },
    {
      "name": "CVE-2021-3487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
    },
    {
      "name": "CVE-2022-22214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
    },
    {
      "name": "CVE-2014-4043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
    },
    {
      "name": "CVE-2022-22221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
    },
    {
      "name": "CVE-2022-22212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
    },
    {
      "name": "CVE-2017-16548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
    },
    {
      "name": "CVE-2021-36690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
    },
    {
      "name": "CVE-2014-9939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
    },
    {
      "name": "CVE-2017-11164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
    },
    {
      "name": "CVE-2015-3308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
    },
    {
      "name": "CVE-2017-7614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
    },
    {
      "name": "CVE-2022-22202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
    },
    {
      "name": "CVE-2017-8421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
    },
    {
      "name": "CVE-2017-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2022-22218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
    },
    {
      "name": "CVE-2017-10684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
    },
    {
      "name": "CVE-2022-22210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
    },
    {
      "name": "CVE-2017-13716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
    },
    {
      "name": "CVE-2021-37750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
    },
    {
      "name": "CVE-2015-5602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2018-19360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
    },
    {
      "name": "CVE-2017-17434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
    },
    {
      "name": "CVE-2017-8287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
    },
    {
      "name": "CVE-2017-8804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
    }
  ],
  "initial_release_date": "2022-07-15T00:00:00",
  "last_revision_date": "2022-07-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-650",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-07-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
      "url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
    }
  ]
}

CERTFR-2022-AVI-916

Vulnerability from certfr_avis - Published: 2022-10-13 - Updated: 2022-10-13

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Contrail Networking versions antérieures à R22.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions antérieures à 3.1.1
Juniper Networks	Junos Space	Junos Space versions antérieures à 22.2R1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO
Juniper Networks	N/A	Contrail Networking versions antérieures à 2011.L5
Juniper Networks	N/A	Steel Belted Radius Carrier Edition versions antérieures à 8.6.0R16
Juniper Networks	Junos OS	Junos OS versions antérieures à 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1
Juniper Networks	Session Smart Router	Session Smart Router versions antérieures à 5.4.7
Juniper Networks	Session Smart Router	Session Smart Router versions 5.5.x antérieures à 5.5.3
Juniper Networks	N/A	Paragon Active Assurance (anciennement Netrounds) versions 3.2.x antérieures à 3.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA69906	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69885	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69888	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69886	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69899	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69881	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69894	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69898	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69895	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69908	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69874	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69902	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69879	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69890	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69875	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69915	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69878	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69907	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69891	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69882	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69876	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69892	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69889	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69887	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69903	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69900	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69884	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69901	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69905	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69893	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69904	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69880	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69873	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69896	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69897	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69916	2022-10-12	vendor-advisory
Bulletin de sécurité Juniper JSA69883	2022-10-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Paragon Active Assurance (anciennement Netrounds) versions ant\u00e9rieures \u00e0 3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 22.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S4-EVO, 21.2R2-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S3-EVO, 21.1R2-EVO, 21.2R1-EVO, 20.4R3-S4-EVO, 21.3R3-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S4-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 21.4R3-EVO, 22.1R1-S2-EVO, 22.1R3-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S5-EVO, 21.1R3-EVO, 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, 20.4R3-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S3-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-S1-EVO, 21.4R2-EVO, 22.1R1-EVO, 20.4R3-S1-EVO, 21.2R1-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.4R3-S5-EVO, 21.1R3-S2-EVO, 21.2R3-S1-EVO, 21.3R3-S2-EVO, 21.4R2-EVO, 22.1R2-EVO, 22.2R2-EVO, 22.3R1-EVO, 20.4R3-S4-EVO, 21.1R3-S2-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, 20.2R3-S3-EVO, 20.4R3-S1-EVO, 21.3R2-EVO, 21.4R1-EVO, 21.1R3-S2-EVO, 21.2R3-S2-EVO, 21.3R3-EVO, 21.4R1-S1-EVO, 21.4R2-EVO et 22.1R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel Belted Radius Carrier Edition versions ant\u00e9rieures \u00e0 8.6.0R16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 19.2R3-S6, 20.2R3-S4, 20.3R3-S3, 20.4R3-S4, 21.1R2, 21.2R2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S4, 20.4R3-S4, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S2, 21.4R2, 22.1R1, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S4, 20.3R3-S3, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R1-S2, 21.3R2, 21.4R1, 19.1R3-S9, 19.2R3-S5, 19.3R3-S3, 19.4R3-S9, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, 15.1R7-S11, 18.4R2-S10, 18.4R3-S10, 19.1R3-S8, 19.2R3-S4, 19.3R3-S5, 19.4R2-S6, 19.4R3-S7, 20.1R3-S3, 20.2R3-S3, 20.3R3-S2, 20.4R3-S4, 21.1R3, 21.2R3-S3, 21.3R3-S1, 21.4R1, 15.1R7-S13, 19.1R3-S9, 19.2R3-S6, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.2R3-S5, 20.3R3-S5, 20.4R3-S2, 21.1R3, 21.2R3, 21.3R2, 21.4R1, 18.4R2-S10, 18.4R3-S10, 19.1R3-S7, 19.2R1-S8, 19.2R3-S4, 19.4R3-S8, 20.2R3-S3, 20.3R3-S2, 20.4R3, 21.1R2, 21.2R1, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R1-S1, 22.2R2, 22.3R1, 21.3R3-S2, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R3, 22.2R2, 22.3R1, 21.2R3-S1, 21.3R2-S2, 21.3R3, 21.4R2-S1, 21.4R3, 22.1R1-S1, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 17.3R3-S12, 17.4R2-S13, 17.4R3-S5, 18.1R3-S13, 18.2R3-S8, 18.3R3-S5, 18.4R1-S8, 18.4R2-S6, 18.4R3-S6, 19.1R3-S4, 19.2R1-S7, 19.2R3-S1, 19.3R2-S6, 19.3R3-S1, 19.4R1-S4, 19.4R2-S4, 19.4R3-S1, 20.1R2, 20.2R2-S3, 20.2R3, 20.3R2, 20.4R1, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, 18.4R3-S11, 19.1R3-S9, 19.2R1-S9, 19.2R3-S5, 19.3R3-S6, 19.4R2-S7, 19.4R3-S8, 20.1R3-S4, 20.2R3-S4, 20.3R3-S4, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R2, 22.1R1, 19.2R3-S5, 19.3R3-S5, 19.4R2-S6, 19.4R3-S8, 20.2R3-S4, 20.3R3-S3, 20.4R3-S3, 21.1R3-S1, 21.2R3, 21.3R2, 21.4R1-S1, 21.4R2, 22.1R1, 19.4R3-S9, 20.2R3-S5, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R2-S1, 21.2R3, 21.3R2, 21.4R1, 21.4R1-S2, 21.4R2, 22.1R1, 19.2R3-S6, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.2R3-S1, 21.3R3-S2, 21.4R2, 22.1R2, 22.3R1, 18.4R2-S9, 18.4R3-S11, 19.1R3-S8, 19.3R3-S5, 19.4R2-S6, 19.4R3-S6, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3-S3, 21.2R2-S1, 21.2R3, 21.3R1, 19.1R3-S9, 19.2R3-S6, 19.3R3-S7, 19.4R3-S9, 20.1R3-S5, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S2, 21.3R3, 21.4R3, 22.1R2, 22.2R1, 19.4R3-S8, 20.1R3-S2, 20.2R3-S3, 20.3R3-S2, 20.4R3-S1, 21.1R3, 21.2R1-S2, 21.2R3, 21.3R2, 21.4R1, 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 21.4R3, 22.1R1-S1, 22.1R2 et 22.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions ant\u00e9rieures \u00e0 5.4.7",
      "product": {
        "name": "Session Smart Router",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Session Smart Router versions 5.5.x ant\u00e9rieures \u00e0 5.5.3",
      "product": {
        "name": "Session Smart Router",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Paragon Active Assurance (anciennement Netrounds) versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-22243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22243"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2020-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25710"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2022-24407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2022-22238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22238"
    },
    {
      "name": "CVE-2022-22249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22249"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2022-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22227"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2021-25220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25220"
    },
    {
      "name": "CVE-2021-35567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
    },
    {
      "name": "CVE-2021-31535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
    },
    {
      "name": "CVE-2021-42574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
    },
    {
      "name": "CVE-2020-27777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27777"
    },
    {
      "name": "CVE-2022-22208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22208"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2017-5929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
    },
    {
      "name": "CVE-2022-22218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
    },
    {
      "name": "CVE-2021-20271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-22201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22201"
    },
    {
      "name": "CVE-2020-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
    },
    {
      "name": "CVE-2021-42771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42771"
    },
    {
      "name": "CVE-2021-29154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
    },
    {
      "name": "CVE-2018-20532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20532"
    },
    {
      "name": "CVE-2022-22246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22246"
    },
    {
      "name": "CVE-2007-6755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
    },
    {
      "name": "CVE-2020-29661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29661"
    },
    {
      "name": "CVE-2022-22250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22250"
    },
    {
      "name": "CVE-2022-22192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22192"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2022-22239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22239"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2022-22241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22241"
    },
    {
      "name": "CVE-2020-25212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25212"
    },
    {
      "name": "CVE-2019-2435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2435"
    },
    {
      "name": "CVE-2021-27363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
    },
    {
      "name": "CVE-2022-22226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22226"
    },
    {
      "name": "CVE-2015-9262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9262"
    },
    {
      "name": "CVE-2021-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
    },
    {
      "name": "CVE-2020-24394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24394"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2021-3573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
    },
    {
      "name": "CVE-2019-19532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19532"
    },
    {
      "name": "CVE-2020-14314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14314"
    },
    {
      "name": "CVE-2021-27364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2022-22229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22229"
    },
    {
      "name": "CVE-2018-20534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20534"
    },
    {
      "name": "CVE-2016-4658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22225"
    },
    {
      "name": "CVE-2020-12364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2022-22245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22245"
    },
    {
      "name": "CVE-2022-25314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
    },
    {
      "name": "CVE-2022-0330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2019-1543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
    },
    {
      "name": "CVE-2018-10689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10689"
    },
    {
      "name": "CVE-2016-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
    },
    {
      "name": "CVE-2021-27365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
    },
    {
      "name": "CVE-2020-8648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2020-27170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2020-14385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14385"
    },
    {
      "name": "CVE-2022-22232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22232"
    },
    {
      "name": "CVE-2019-18282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18282"
    },
    {
      "name": "CVE-2020-12321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12321"
    },
    {
      "name": "CVE-2022-22240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22240"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2019-20811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20811"
    },
    {
      "name": "CVE-2020-12363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
    },
    {
      "name": "CVE-2021-43527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43527"
    },
    {
      "name": "CVE-2022-22942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
    },
    {
      "name": "CVE-2021-3656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3656"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2022-22234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22234"
    },
    {
      "name": "CVE-2022-22242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22242"
    },
    {
      "name": "CVE-2022-1271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
    },
    {
      "name": "CVE-2021-22543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
    },
    {
      "name": "CVE-2022-22251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22251"
    },
    {
      "name": "CVE-2008-5161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-5161"
    },
    {
      "name": "CVE-2022-22244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22244"
    },
    {
      "name": "CVE-2019-20934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
    },
    {
      "name": "CVE-2021-29650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
    },
    {
      "name": "CVE-2021-3715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
    },
    {
      "name": "CVE-2022-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22233"
    },
    {
      "name": "CVE-2021-4155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
    },
    {
      "name": "CVE-2021-45417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45417"
    },
    {
      "name": "CVE-2020-10769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10769"
    },
    {
      "name": "CVE-2018-20533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20533"
    },
    {
      "name": "CVE-2021-3564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
    },
    {
      "name": "CVE-2020-25656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25656"
    },
    {
      "name": "CVE-2021-3752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
    },
    {
      "name": "CVE-2022-22224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22224"
    },
    {
      "name": "CVE-2021-20265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20265"
    },
    {
      "name": "CVE-2021-3177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
    },
    {
      "name": "CVE-2020-25211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25211"
    },
    {
      "name": "CVE-2022-0492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-22247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22247"
    },
    {
      "name": "CVE-2020-12362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2021-22555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
    },
    {
      "name": "CVE-2021-3347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2021-37576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2020-28374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28374"
    },
    {
      "name": "CVE-2021-0920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
    },
    {
      "name": "CVE-2022-22199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22199"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2022-22236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22236"
    },
    {
      "name": "CVE-2020-7053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7053"
    },
    {
      "name": "CVE-2022-22248",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22248"
    },
    {
      "name": "CVE-2019-9518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
    },
    {
      "name": "CVE-2022-22220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22220"
    },
    {
      "name": "CVE-2021-32399",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22228"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2020-14351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14351"
    },
    {
      "name": "CVE-2020-25709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2020-25643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25643"
    },
    {
      "name": "CVE-2022-22223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22223"
    },
    {
      "name": "CVE-2020-25645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25645"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2020-25717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
    },
    {
      "name": "CVE-2021-3765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
    },
    {
      "name": "CVE-2021-41617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-24903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2019-2684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2684"
    },
    {
      "name": "CVE-2021-0543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0543"
    },
    {
      "name": "CVE-2021-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3653"
    },
    {
      "name": "CVE-2022-22231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22231"
    },
    {
      "name": "CVE-2021-35561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
    },
    {
      "name": "CVE-2022-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22235"
    },
    {
      "name": "CVE-2020-0427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0427"
    },
    {
      "name": "CVE-2020-28469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
    },
    {
      "name": "CVE-2022-22211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22211"
    },
    {
      "name": "CVE-2020-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
    },
    {
      "name": "CVE-2022-22230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22230"
    },
    {
      "name": "CVE-2022-22237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22237"
    },
    {
      "name": "CVE-2021-37750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
    }
  ],
  "initial_release_date": "2022-10-13T00:00:00",
  "last_revision_date": "2022-10-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-916",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69906",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-MX-Series-An-FPC-crash-might-be-seen-due-to-mac-moves-within-the-same-bridge-domain-CVE-2022-22249"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69885",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-UTM-Enhanced-Content-Filtering-and-AntiVirus-are-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22231"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69888",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Cache-poisoning-vulnerability-in-BIND-used-by-DNS-Proxy-CVE-2021-25220"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69886",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-If-Unified-Threat-Management-UTM-Enhanced-Content-Filtering-CF-is-enabled-and-specific-traffic-is-processed-the-PFE-will-crash-CVE-2022-22232"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69899",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69881",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-SBR-Carrier-Multiple-Vulnerabilities-resolved-in-version-8-6-0R16-64-bit-Solaris-and-Linux-editions"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69894",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-The-rpd-process-will-crash-when-a-malformed-incoming-RESV-message-is-processed-CVE-2022-22238"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69898",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-core-upon-receipt-of-a-specific-EVPN-route-by-a-BGP-route-reflector-in-an-EVPN-environment-CVE-2022-22199"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69895",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-The-ssh-CLI-command-always-runs-as-root-which-can-lead-to-privilege-escalation-CVE-2022-22239"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69908",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-cSRX-Series-Storing-Passwords-in-a-Recoverable-Format-and-software-permissions-issues-allows-a-local-attacker-to-elevate-privileges-CVE-2022-22251"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69874",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PPMD-goes-into-infinite-loop-upon-receipt-of-malformed-OSPF-TLV-CVE-2022-22224"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69902",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Due-to-a-race-condition-the-rpd-process-can-crash-upon-receipt-of-a-BGP-update-message-containing-flow-spec-route-CVE-2022-22220"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69879",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-crash-can-occur-due-to-memory-corruption-caused-by-flapping-BGP-sessions-CVE-2022-22208"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69890",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX2300-and-EX3400-Series-One-of-more-SFPs-might-become-unavailable-when-the-system-is-very-busy-CVE-2022-22234"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69875",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BGP-multipath-scenario-when-one-of-the-contributing-routes-is-flapping-often-and-rapidly-rpd-may-crash-CVE-2022-22225"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69915",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-An-attacker-can-cause-a-kernel-panic-by-sending-a-malformed-TCP-packet-to-the-device-CVE-2022-22192"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69878",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-ACX7000-Series-Specific-IPv6-transit-traffic-gets-exceptioned-to-the-routing-engine-which-will-cause-increased-CPU-utilization-CVE-2022-22227"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69907",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-FPC-might-crash-and-reload-if-the-EVPN-MAC-entry-is-move-from-local-to-remote-CVE-2022-22250"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69891",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-A-flowd-core-will-be-observed-when-malformed-GPRS-traffic-is-processed-CVE-2022-22235"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69882",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69876",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-EX4300-MP-EX4600-QFX5000-Series-In-VxLAN-scenarios-specific-packets-processed-cause-a-memory-leak-leading-to-a-PFE-crash-CVE-2022-22226"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69892",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-When-specific-valid-SIP-packets-are-received-the-PFE-will-crash-CVE-2022-22236"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69889",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Session-Smart-Router-Multiple-vulnerabilities-resolved"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69887",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-SR-to-LDP-interworking-scenario-with-SRMS-when-a-specific-low-privileged-command-is-issued-on-an-ABR-rpd-will-crash-CVE-2022-22233"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69900",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX5000-Series-with-SPC3-SRX4000-Series-and-vSRX-When-PowerMode-IPsec-is-configured-the-PFE-will-crash-upon-receipt-of-a-malformed-ESP-packet-CVE-2022-22201"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69884",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-specific-OSPFv3-LSAs-CVE-2022-22230"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69901",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-SRX-Series-Upon-processing-of-a-genuine-packet-the-pkid-process-will-crash-during-CMPv2-auto-re-enrollment-CVE-2022-22218"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69905",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Incorrect-file-permissions-can-allow-low-privileged-user-to-cause-another-user-to-execute-arbitrary-commands-CVE-2022-22248"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69893",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Peers-not-configured-for-TCP-AO-can-establish-a-BGP-or-LDP-session-even-if-authentication-is-configured-locally-CVE-2022-22237"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69904",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-Kernel-processing-of-unvalidated-TCP-segments-could-lead-to-a-Denial-of-Service-DoS-CVE-2022-22247"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69880",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69873",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-QFX10000-Series-In-IP-MPLS-PHP-node-scenarios-upon-receipt-of-certain-crafted-packets-multiple-interfaces-in-LAG-configurations-may-detach-CVE-2022-22223"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69896",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-rpd-memory-leak-might-be-observed-while-running-a-specific-cli-command-in-a-RIB-sharding-scenario-CVE-2022-22240"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69897",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L5"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69916",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-Multiple-FPCs-become-unreachable-due-to-continuous-polling-of-specific-SNMP-OID-CVE-2022-22211"
    },
    {
      "published_at": "2022-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69883",
      "url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Paragon-Active-Assurance-Formerly-Netrounds-Stored-Cross-site-Scripting-XSS-vulnerability-in-web-administration-CVE-2022-22229"
    }
  ]
}

FKIE_CVE-2021-20271

Vulnerability from fkie_nvd - Published: 2021-03-26 17:15 - Updated: 2024-11-21 05:46

Severity

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1934125	Issue Tracking, Patch, Third Party Advisory
secalert@redhat.com	https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21	Patch, Third Party Advisory
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
secalert@redhat.com	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
secalert@redhat.com	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
secalert@redhat.com	https://www.starwindsoftware.com/security/sw-20220805-0002/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1934125	Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202107-43	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.starwindsoftware.com/security/sw-20220805-0002/	Third Party Advisory

Impacted products

Vendor	Product	Version
rpm	rpm	*
rpm	rpm	*
rpm	rpm	4.15.0
rpm	rpm	4.15.0
rpm	rpm	4.15.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
rpm	rpm	4.16.0
redhat	enterprise_linux	8.0
fedoraproject	fedora	32
fedoraproject	fedora	33
fedoraproject	fedora	34
starwindsoftware	starwind_virtual_san	v8

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5017E785-D9A4-40BE-ADD8-4421BB138131",
              "versionEndExcluding": "4.15.1.3",
              "versionStartIncluding": "4.15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22989FC-E9C0-4189-BDFE-69346C3F8495",
              "versionEndExcluding": "4.16.1.3",
              "versionStartIncluding": "4.16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "6E77F834-98D9-45CA-A442-97362CEAB09C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "40503D12-35BC-4515-A293-F39A37B23A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "19299515-DF82-48A3-BA65-0DE705E75CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*",
              "matchCriteriaId": "0565E985-6BD3-45E1-928C-B67E18B7B56E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "96BDFF27-D2ED-48F9-91FB-377D1244A0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "EA51C420-EFCB-4068-A981-E99722C5FAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "653B69E5-0E47-49EF-AD3D-218C86252E7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*",
              "matchCriteriaId": "2561CD5F-82A9-464E-B571-44634187B497",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en la funcionalidad de comprobaci\u00f3n de firmas de RPM cuando se lee un archivo de paquete. Este fallo permite a un atacante que pueda convencer a una v\u00edctima de instalar un paquete aparentemente verificable, cuyo encabezado de firma fue modificado, causar una corrupci\u00f3n de la base de datos de RPM y ejecutar c\u00f3digo. La mayor amenaza de esta vulnerabilidad es la integridad de los datos, la confidencialidad y la disponibilidad del sistema."
    }
  ],
  "id": "CVE-2021-20271",
  "lastModified": "2024-11-21T05:46:15.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-26T17:15:13.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

GHSA-77PM-GXX7-5C5F

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-10-12 12:00

Details

Severity

7.0 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-20271"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-26T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
  "id": "GHSA-77pm-gxx7-5c5f",
  "modified": "2022-10-12T12:00:21Z",
  "published": "2022-05-24T17:45:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20271"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
    },
    {
      "type": "WEB",
      "url": "https://www.starwindsoftware.com/security/sw-20220805-0002"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202107-43"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2021-20271"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:4975"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:4785"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:4771"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:2791"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:2574"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2021:2854"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-20271

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-20271

Aliases

CVE-2021-20271

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-20271",
    "description": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
    "id": "GSD-2021-20271",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-20271.html",
      "https://access.redhat.com/errata/RHSA-2021:4975",
      "https://access.redhat.com/errata/RHSA-2021:4785",
      "https://access.redhat.com/errata/RHSA-2021:4771",
      "https://access.redhat.com/errata/RHBA-2021:2854",
      "https://access.redhat.com/errata/RHSA-2021:2791",
      "https://access.redhat.com/errata/RHSA-2021:2574",
      "https://advisories.mageia.org/CVE-2021-20271.html",
      "https://alas.aws.amazon.com/cve/html/CVE-2021-20271.html",
      "https://linux.oracle.com/cve/CVE-2021-20271.html",
      "https://ubuntu.com/security/CVE-2021-20271"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-20271"
      ],
      "details": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
      "id": "GSD-2021-20271",
      "modified": "2023-12-13T01:23:12.515147Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-20271",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "rpm",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "all versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-345",
                "lang": "eng",
                "value": "CWE-345"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
          },
          {
            "name": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21",
            "refsource": "MISC",
            "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
          },
          {
            "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/",
            "refsource": "MISC",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
          },
          {
            "name": "https://security.gentoo.org/glsa/202107-43",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/202107-43"
          },
          {
            "name": "https://www.starwindsoftware.com/security/sw-20220805-0002/",
            "refsource": "MISC",
            "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.16.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.16.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.16.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.16.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.15.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.15.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:4.15.0:alpha:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.15.1.3",
                "versionStartIncluding": "4.15.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.16.1.3",
                "versionStartIncluding": "4.16.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14398:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20271"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-345"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/rpm-software-management/rpm/commit/d6a86b5e69e46cc283b1e06c92343319beb42e21"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1934125"
            },
            {
              "name": "GLSA-202107-43",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202107-43"
            },
            {
              "name": "https://www.starwindsoftware.com/security/sw-20220805-0002/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.starwindsoftware.com/security/sw-20220805-0002/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY/"
            },
            {
              "name": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/",
              "refsource": "MISC",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-02-12T22:15Z",
      "publishedDate": "2021-03-26T17:15Z"
    }
  }
}

MSRC_CVE-2021-20271

Vulnerability from csaf_microsoft - Published: 2021-03-02 00:00 - Updated: 2021-04-01 00:00

Summary

A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2021-20271

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-345 - Insufficient Verification of Data Authenticity

Affected products

Fixed 18 products

Product	Identifier	Version	Remediation
Unresolved product id: 14375-12137		—
Unresolved product id: 14376-12137		—
Unresolved product id: 14377-12137		—
Unresolved product id: 14378-12137		—
Unresolved product id: 14379-12137		—
Unresolved product id: 14380-12137		—
Unresolved product id: 14381-12137		—
Unresolved product id: 14382-12137		—
Unresolved product id: 14383-12137		—
Unresolved product id: 14384-12138		—
Unresolved product id: 14385-12138		—
Unresolved product id: 14386-12138		—
Unresolved product id: 14387-12138		—
Unresolved product id: 14388-12138		—
Unresolved product id: 14389-12138		—
Unresolved product id: 14390-12138		—
Unresolved product id: 14391-12138		—
Unresolved product id: 14392-12138		—

Known affected 18 products

Product	Version	Remediation
Unresolved product id: 12137-18	—	Vendor Fix fix
Unresolved product id: 12137-17	—	Vendor Fix fix
Unresolved product id: 12137-16	—	Vendor Fix fix
Unresolved product id: 12137-15	—	Vendor Fix fix
Unresolved product id: 12137-14	—	Vendor Fix fix
Unresolved product id: 12137-13	—	Vendor Fix fix
Unresolved product id: 12137-12	—	Vendor Fix fix
Unresolved product id: 12137-11	—	Vendor Fix fix
Unresolved product id: 12137-10	—	Vendor Fix fix
Unresolved product id: 12138-9	—	Vendor Fix fix
Unresolved product id: 12138-8	—	Vendor Fix fix
Unresolved product id: 12138-7	—	Vendor Fix fix
Unresolved product id: 12138-6	—	Vendor Fix fix
Unresolved product id: 12138-5	—	Vendor Fix fix
Unresolved product id: 12138-4	—	Vendor Fix fix
Unresolved product id: 12138-3	—	Vendor Fix fix
Unresolved product id: 12138-2	—	Vendor Fix fix
Unresolved product id: 12138-1	—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2021/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-20271 A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-20271.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability.",
    "tracking": {
      "current_release_date": "2021-04-01T00:00:00.000Z",
      "generator": {
        "date": "2025-12-27T19:04:30.565Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-20271",
      "initial_release_date": "2021-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2021-04-01T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 x64",
                  "product_id": "12137"
                }
              },
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0 ARM",
                  "product_id": "12138"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-18"
        },
        "product_reference": "18",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14375-12137"
        },
        "product_reference": "14375",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-devel-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-17"
        },
        "product_reference": "17",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14376-12137"
        },
        "product_reference": "14376",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-libs-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-16"
        },
        "product_reference": "16",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-libs-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14377-12137"
        },
        "product_reference": "14377",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-build-libs-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-15"
        },
        "product_reference": "15",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-libs-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14378-12137"
        },
        "product_reference": "14378",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-build-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-14"
        },
        "product_reference": "14",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14379-12137"
        },
        "product_reference": "14379",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-lang-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-13"
        },
        "product_reference": "13",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-lang-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14380-12137"
        },
        "product_reference": "14380",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cpython-rpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-12"
        },
        "product_reference": "12",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-rpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14381-12137"
        },
        "product_reference": "14381",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cpython3-rpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-11"
        },
        "product_reference": "11",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14382-12137"
        },
        "product_reference": "14382",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-debuginfo-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "12137-10"
        },
        "product_reference": "10",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-debuginfo-4.14.2-11.cm1.x86_64.rpm as a component of CBL Mariner 1.0 x64",
          "product_id": "14383-12137"
        },
        "product_reference": "14383",
        "relates_to_product_reference": "12137"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-9"
        },
        "product_reference": "9",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14384-12138"
        },
        "product_reference": "14384",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-devel-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-8"
        },
        "product_reference": "8",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14385-12138"
        },
        "product_reference": "14385",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-libs-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-libs-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14386-12138"
        },
        "product_reference": "14386",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-build-libs-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-libs-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14387-12138"
        },
        "product_reference": "14387",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-build-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14388-12138"
        },
        "product_reference": "14388",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-lang-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-lang-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14389-12138"
        },
        "product_reference": "14389",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cpython-rpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-rpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14390-12138"
        },
        "product_reference": "14390",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cpython3-rpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14391-12138"
        },
        "product_reference": "14391",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003crpm-debuginfo-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "12138-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "12138"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-debuginfo-4.14.2-11.cm1.aarch64.rpm as a component of CBL Mariner 1.0 ARM",
          "product_id": "14392-12138"
        },
        "product_reference": "14392",
        "relates_to_product_reference": "12138"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20271",
      "cwe": {
        "id": "CWE-345",
        "name": "Insufficient Verification of Data Authenticity"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "14375-12137",
          "14376-12137",
          "14377-12137",
          "14378-12137",
          "14379-12137",
          "14380-12137",
          "14381-12137",
          "14382-12137",
          "14383-12137",
          "14384-12138",
          "14385-12138",
          "14386-12138",
          "14387-12138",
          "14388-12138",
          "14389-12138",
          "14390-12138",
          "14391-12138",
          "14392-12138"
        ],
        "known_affected": [
          "12137-18",
          "12137-17",
          "12137-16",
          "12137-15",
          "12137-14",
          "12137-13",
          "12137-12",
          "12137-11",
          "12137-10",
          "12138-9",
          "12138-8",
          "12138-7",
          "12138-6",
          "12138-5",
          "12138-4",
          "12138-3",
          "12138-2",
          "12138-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-20271 A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2021-20271.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-04-01T00:00:00.000Z",
          "details": "4.14.2-11:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "12137-18",
            "12137-17",
            "12137-16",
            "12137-15",
            "12137-14",
            "12137-13",
            "12137-12",
            "12137-11",
            "12137-10",
            "12138-9",
            "12138-8",
            "12138-7",
            "12138-6",
            "12138-5",
            "12138-4",
            "12138-3",
            "12138-2",
            "12138-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 7.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "12137-18",
            "12137-17",
            "12137-16",
            "12137-15",
            "12137-14",
            "12137-13",
            "12137-12",
            "12137-11",
            "12137-10",
            "12138-9",
            "12138-8",
            "12138-7",
            "12138-6",
            "12138-5",
            "12138-4",
            "12138-3",
            "12138-2",
            "12138-1"
          ]
        }
      ],
      "title": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package whose signature header was modified to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity confidentiality and system availability."
    }
  ]
}

OPENSUSE-SU-2021:1366-1

Vulnerability from csaf_opensuse - Published: 2021-10-18 12:12 - Updated: 2021-10-18 12:12

Summary

Security update for rpm

Severity

Important

Notes

Title of the patch: Security update for rpm

Description of the patch: This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2021-1366

CVE-2021-20266

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-20271

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-3421

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 11 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

21 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1179416	self
https://bugzilla.suse.com/1183543	self
https://bugzilla.suse.com/1183545	self
https://bugzilla.suse.com/1183632	self
https://bugzilla.suse.com/1183659	self
https://bugzilla.suse.com/1185299	self
https://bugzilla.suse.com/1187670	self
https://bugzilla.suse.com/1188548	self
https://www.suse.com/security/cve/CVE-2021-20266/	self
https://www.suse.com/security/cve/CVE-2021-20271/	self
https://www.suse.com/security/cve/CVE-2021-3421/	self
https://www.suse.com/security/cve/CVE-2021-20266	external
https://bugzilla.suse.com/1183632	external
https://www.suse.com/security/cve/CVE-2021-20271	external
https://bugzilla.suse.com/1183545	external
https://www.suse.com/security/cve/CVE-2021-3421	external
https://bugzilla.suse.com/1183543	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for rpm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for rpm fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632)\n- PGP hardening changes (bsc#1185299)\n- Fixed potential access of freed mem in ndb\u0027s glue code (bsc#1179416)\n\nMaintaince issues fixed:\n\n- Fixed zstd detection (bsc#1187670)\n- Added ndb rofs support (bsc#1188548)\n- Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659)\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-1366",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1366-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:1366-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WOGLQWSIIR4HYRWXGETEIHB6SM6A2MNK/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:1366-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WOGLQWSIIR4HYRWXGETEIHB6SM6A2MNK/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179416",
        "url": "https://bugzilla.suse.com/1179416"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183543",
        "url": "https://bugzilla.suse.com/1183543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183545",
        "url": "https://bugzilla.suse.com/1183545"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183632",
        "url": "https://bugzilla.suse.com/1183632"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183659",
        "url": "https://bugzilla.suse.com/1183659"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1185299",
        "url": "https://bugzilla.suse.com/1185299"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1187670",
        "url": "https://bugzilla.suse.com/1187670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1188548",
        "url": "https://bugzilla.suse.com/1188548"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20266 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20266/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20271 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20271/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3421 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3421/"
      }
    ],
    "title": "Security update for rpm",
    "tracking": {
      "current_release_date": "2021-10-18T12:12:22Z",
      "generator": {
        "date": "2021-10-18T12:12:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:1366-1",
      "initial_release_date": "2021-10-18T12:12:22Z",
      "revision_history": [
        {
          "date": "2021-10-18T12:12:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.1-lp152.18.3.1.i586",
                "product": {
                  "name": "python2-rpm-4.14.1-lp152.18.3.1.i586",
                  "product_id": "python2-rpm-4.14.1-lp152.18.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.1-lp152.18.3.1.i586",
                "product": {
                  "name": "python3-rpm-4.14.1-lp152.18.3.1.i586",
                  "product_id": "python3-rpm-4.14.1-lp152.18.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.1-lp152.18.3.1.i586",
                "product": {
                  "name": "rpm-4.14.1-lp152.18.3.1.i586",
                  "product_id": "rpm-4.14.1-lp152.18.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.1-lp152.18.3.1.i586",
                "product": {
                  "name": "rpm-build-4.14.1-lp152.18.3.1.i586",
                  "product_id": "rpm-build-4.14.1-lp152.18.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.1-lp152.18.3.1.i586",
                "product": {
                  "name": "rpm-devel-4.14.1-lp152.18.3.1.i586",
                  "product_id": "rpm-devel-4.14.1-lp152.18.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "python2-rpm-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "python2-rpm-4.14.1-lp152.18.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "python3-rpm-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "python3-rpm-4.14.1-lp152.18.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "rpm-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "rpm-4.14.1-lp152.18.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "rpm-32bit-4.14.1-lp152.18.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "rpm-build-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "rpm-build-4.14.1-lp152.18.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.1-lp152.18.3.1.x86_64",
                "product": {
                  "name": "rpm-devel-4.14.1-lp152.18.3.1.x86_64",
                  "product_id": "rpm-devel-4.14.1-lp152.18.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.1-lp152.18.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586"
        },
        "product_reference": "python2-rpm-4.14.1-lp152.18.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "python2-rpm-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.1-lp152.18.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586"
        },
        "product_reference": "python3-rpm-4.14.1-lp152.18.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "python3-rpm-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.1-lp152.18.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586"
        },
        "product_reference": "rpm-4.14.1-lp152.18.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "rpm-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-32bit-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.1-lp152.18.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586"
        },
        "product_reference": "rpm-build-4.14.1-lp152.18.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "rpm-build-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.1-lp152.18.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586"
        },
        "product_reference": "rpm-devel-4.14.1-lp152.18.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.1-lp152.18.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
        },
        "product_reference": "rpm-devel-4.14.1-lp152.18.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20266",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20266"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20266",
          "url": "https://www.suse.com/security/cve/CVE-2021-20266"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183632 for CVE-2021-20266",
          "url": "https://bugzilla.suse.com/1183632"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-18T12:12:22Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20266"
    },
    {
      "cve": "CVE-2021-20271",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20271"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20271",
          "url": "https://www.suse.com/security/cve/CVE-2021-20271"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183545 for CVE-2021-20271",
          "url": "https://bugzilla.suse.com/1183545"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-18T12:12:22Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20271"
    },
    {
      "cve": "CVE-2021-3421",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3421"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
          "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3421",
          "url": "https://www.suse.com/security/cve/CVE-2021-3421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183543 for CVE-2021-3421",
          "url": "https://bugzilla.suse.com/1183543"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python2-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:python3-rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-32bit-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-build-4.14.1-lp152.18.3.1.x86_64",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.i586",
            "openSUSE Leap 15.2:rpm-devel-4.14.1-lp152.18.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-10-18T12:12:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3421"
    }
  ]
}

OPENSUSE-SU-2021:2682-1

Vulnerability from csaf_opensuse - Published: 2021-08-17 07:23 - Updated: 2021-08-17 07:23

Summary

Security update for rpm

Severity

Important

Notes

Title of the patch: Security update for rpm

Description of the patch: This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.

Patchnames: openSUSE-SLE-15.3-2021-2682

CVE-2021-20266

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-20271

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2021-3421

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected products

Recommended 26 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64	—	Vendor Fix

Threats

Impact moderate

References

17 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1179416	self
https://bugzilla.suse.com/1181805	self
https://bugzilla.suse.com/1183543	self
https://bugzilla.suse.com/1183545	self
https://www.suse.com/security/cve/CVE-2021-20266/	self
https://www.suse.com/security/cve/CVE-2021-20271/	self
https://www.suse.com/security/cve/CVE-2021-3421/	self
https://www.suse.com/security/cve/CVE-2021-20266	external
https://bugzilla.suse.com/1183632	external
https://www.suse.com/security/cve/CVE-2021-20271	external
https://bugzilla.suse.com/1183545	external
https://www.suse.com/security/cve/CVE-2021-3421	external
https://bugzilla.suse.com/1183543	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for rpm",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for rpm fixes the following issues:\n\n- Changed default package verification level to \u0027none\u0027 to be compatible to rpm-4.14.1\n- Made illegal obsoletes a warning\n- Fixed a potential access of freed mem in ndb\u0027s glue code (bsc#1179416)\n- Added support for enforcing signature policy and payload verification step to\n  transactions (jsc#SLE-17817)\n- Added :humansi and :hmaniec query formatters for human readable output\n- Added query selectors for whatobsoletes and whatconflicts\n- Added support for sorting caret higher than base version\n- rpm does no longer require the signature header to be in a contiguous\n  region when signing (bsc#1181805)\n\nSecurity fixes:\n\n- CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an\n  attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM\n  repository, to cause RPM database corruption. The highest threat from this vulnerability is to\n  data integrity (bsc#1183543)\n\n- CVE-2021-20271: A flaw was found in RPM\u0027s signature check functionality when reading a package file.\n  This flaw allows an attacker who can convince a victim to install a seemingly verifiable package,\n  whose signature header was modified, to cause RPM database corruption and execute code. The highest\n  threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545)\n\n- CVE-2021-20266: A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker\n  who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability\n  is to system availability.\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-SLE-15.3-2021-2682",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_2682-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:2682-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQDL4MT3J7VM3IS3TI4EMLQJHDPTSZLZ/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:2682-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IQDL4MT3J7VM3IS3TI4EMLQJHDPTSZLZ/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1179416",
        "url": "https://bugzilla.suse.com/1179416"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1181805",
        "url": "https://bugzilla.suse.com/1181805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183543",
        "url": "https://bugzilla.suse.com/1183543"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1183545",
        "url": "https://bugzilla.suse.com/1183545"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20266 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20266/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-20271 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-20271/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3421 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3421/"
      }
    ],
    "title": "Security update for rpm",
    "tracking": {
      "current_release_date": "2021-08-17T07:23:06Z",
      "generator": {
        "date": "2021-08-17T07:23:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:2682-1",
      "initial_release_date": "2021-08-17T07:23:06Z",
      "revision_history": [
        {
          "date": "2021-08-17T07:23:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.3-37.2.aarch64",
                "product": {
                  "name": "python2-rpm-4.14.3-37.2.aarch64",
                  "product_id": "python2-rpm-4.14.3-37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.3-37.2.aarch64",
                "product": {
                  "name": "python3-rpm-4.14.3-37.2.aarch64",
                  "product_id": "python3-rpm-4.14.3-37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.3-37.2.aarch64",
                "product": {
                  "name": "rpm-4.14.3-37.2.aarch64",
                  "product_id": "rpm-4.14.3-37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.3-37.2.aarch64",
                "product": {
                  "name": "rpm-build-4.14.3-37.2.aarch64",
                  "product_id": "rpm-build-4.14.3-37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.3-37.2.aarch64",
                "product": {
                  "name": "rpm-devel-4.14.3-37.2.aarch64",
                  "product_id": "rpm-devel-4.14.3-37.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-ndb-4.14.3-37.2.aarch64",
                "product": {
                  "name": "rpm-ndb-4.14.3-37.2.aarch64",
                  "product_id": "rpm-ndb-4.14.3-37.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "python2-rpm-4.14.3-37.2.ppc64le",
                  "product_id": "python2-rpm-4.14.3-37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "python3-rpm-4.14.3-37.2.ppc64le",
                  "product_id": "python3-rpm-4.14.3-37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "rpm-4.14.3-37.2.ppc64le",
                  "product_id": "rpm-4.14.3-37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "rpm-build-4.14.3-37.2.ppc64le",
                  "product_id": "rpm-build-4.14.3-37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "rpm-devel-4.14.3-37.2.ppc64le",
                  "product_id": "rpm-devel-4.14.3-37.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-ndb-4.14.3-37.2.ppc64le",
                "product": {
                  "name": "rpm-ndb-4.14.3-37.2.ppc64le",
                  "product_id": "rpm-ndb-4.14.3-37.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.3-37.2.s390x",
                "product": {
                  "name": "python2-rpm-4.14.3-37.2.s390x",
                  "product_id": "python2-rpm-4.14.3-37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.3-37.2.s390x",
                "product": {
                  "name": "python3-rpm-4.14.3-37.2.s390x",
                  "product_id": "python3-rpm-4.14.3-37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.3-37.2.s390x",
                "product": {
                  "name": "rpm-4.14.3-37.2.s390x",
                  "product_id": "rpm-4.14.3-37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.3-37.2.s390x",
                "product": {
                  "name": "rpm-build-4.14.3-37.2.s390x",
                  "product_id": "rpm-build-4.14.3-37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.3-37.2.s390x",
                "product": {
                  "name": "rpm-devel-4.14.3-37.2.s390x",
                  "product_id": "rpm-devel-4.14.3-37.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-ndb-4.14.3-37.2.s390x",
                "product": {
                  "name": "rpm-ndb-4.14.3-37.2.s390x",
                  "product_id": "rpm-ndb-4.14.3-37.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python2-rpm-4.14.3-37.2.x86_64",
                "product": {
                  "name": "python2-rpm-4.14.3-37.2.x86_64",
                  "product_id": "python2-rpm-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-rpm-4.14.3-37.2.x86_64",
                "product": {
                  "name": "python3-rpm-4.14.3-37.2.x86_64",
                  "product_id": "python3-rpm-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-4.14.3-37.2.x86_64",
                  "product_id": "rpm-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-32bit-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-32bit-4.14.3-37.2.x86_64",
                  "product_id": "rpm-32bit-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-build-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-build-4.14.3-37.2.x86_64",
                  "product_id": "rpm-build-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-devel-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-devel-4.14.3-37.2.x86_64",
                  "product_id": "rpm-devel-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-ndb-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-ndb-4.14.3-37.2.x86_64",
                  "product_id": "rpm-ndb-4.14.3-37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rpm-ndb-32bit-4.14.3-37.2.x86_64",
                "product": {
                  "name": "rpm-ndb-32bit-4.14.3-37.2.x86_64",
                  "product_id": "rpm-ndb-32bit-4.14.3-37.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64"
        },
        "product_reference": "python2-rpm-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le"
        },
        "product_reference": "python2-rpm-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x"
        },
        "product_reference": "python2-rpm-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python2-rpm-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64"
        },
        "product_reference": "python2-rpm-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64"
        },
        "product_reference": "python3-rpm-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le"
        },
        "product_reference": "python3-rpm-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x"
        },
        "product_reference": "python3-rpm-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-rpm-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64"
        },
        "product_reference": "python3-rpm-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64"
        },
        "product_reference": "rpm-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le"
        },
        "product_reference": "rpm-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x"
        },
        "product_reference": "rpm-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-32bit-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-32bit-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64"
        },
        "product_reference": "rpm-build-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le"
        },
        "product_reference": "rpm-build-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x"
        },
        "product_reference": "rpm-build-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-build-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-build-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64"
        },
        "product_reference": "rpm-devel-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le"
        },
        "product_reference": "rpm-devel-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x"
        },
        "product_reference": "rpm-devel-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-devel-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-devel-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-ndb-4.14.3-37.2.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64"
        },
        "product_reference": "rpm-ndb-4.14.3-37.2.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-ndb-4.14.3-37.2.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le"
        },
        "product_reference": "rpm-ndb-4.14.3-37.2.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-ndb-4.14.3-37.2.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x"
        },
        "product_reference": "rpm-ndb-4.14.3-37.2.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-ndb-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-ndb-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rpm-ndb-32bit-4.14.3-37.2.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64"
        },
        "product_reference": "rpm-ndb-32bit-4.14.3-37.2.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-20266",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20266"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in RPM\u0027s hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20266",
          "url": "https://www.suse.com/security/cve/CVE-2021-20266"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183632 for CVE-2021-20266",
          "url": "https://bugzilla.suse.com/1183632"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-08-17T07:23:06Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20266"
    },
    {
      "cve": "CVE-2021-20271",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-20271"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in RPM\u0027s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-20271",
          "url": "https://www.suse.com/security/cve/CVE-2021-20271"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183545 for CVE-2021-20271",
          "url": "https://bugzilla.suse.com/1183545"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-08-17T07:23:06Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-20271"
    },
    {
      "cve": "CVE-2021-3421",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3421"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
          "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3421",
          "url": "https://www.suse.com/security/cve/CVE-2021-3421"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183543 for CVE-2021-3421",
          "url": "https://bugzilla.suse.com/1183543"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python2-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:python3-rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-build-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-devel-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-32bit-4.14.3-37.2.x86_64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.aarch64",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.ppc64le",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.s390x",
            "openSUSE Leap 15.3:rpm-ndb-4.14.3-37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-08-17T07:23:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2021-3421"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-20271 (GCVE-0-2021-20271)

Solution

Solution

Solution

Tags

Sightings

Nomenclature