Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-10978 (GCVE-0-2024-10978)
Vulnerability from cvelistv5 – Published: 2024-11-14 13:00 – Updated: 2025-11-03 21:51
VLAI?
EPSS
Title
PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID
Summary
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Severity ?
4.2 (Medium)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | PostgreSQL |
Affected:
17 , < 17.1
(rpm)
Affected: 16 , < 16.5 (rpm) Affected: 15 , < 15.9 (rpm) Affected: 14 , < 14.14 (rpm) Affected: 13 , < 13.17 (rpm) Affected: 0 , < 12.21 (rpm) |
Credits
The PostgreSQL project thanks Tom Lane for reporting this problem.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-14T18:53:38.409914Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T19:29:16.719Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:51:39.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PostgreSQL",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.1",
"status": "affected",
"version": "17",
"versionType": "rpm"
},
{
"lessThan": "16.5",
"status": "affected",
"version": "16",
"versionType": "rpm"
},
{
"lessThan": "15.9",
"status": "affected",
"version": "15",
"versionType": "rpm"
},
{
"lessThan": "14.14",
"status": "affected",
"version": "14",
"versionType": "rpm"
},
{
"lessThan": "13.17",
"status": "affected",
"version": "13",
"versionType": "rpm"
},
{
"lessThan": "12.21",
"status": "affected",
"version": "0",
"versionType": "rpm"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "The PostgreSQL project thanks Tom Lane for reporting this problem."
}
],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-14T13:00:07.398Z",
"orgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"shortName": "PostgreSQL"
},
"references": [
{
"url": "https://www.postgresql.org/support/security/CVE-2024-10978/"
}
],
"title": "PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID"
}
},
"cveMetadata": {
"assignerOrgId": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"assignerShortName": "PostgreSQL",
"cveId": "CVE-2024-10978",
"datePublished": "2024-11-14T13:00:07.398Z",
"dateReserved": "2024-11-07T19:27:03.860Z",
"dateUpdated": "2025-11-03T21:51:39.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-10978",
"date": "2026-05-23",
"epss": "0.00613",
"percentile": "0.70076"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-10978\",\"sourceIdentifier\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"published\":\"2024-11-14T13:15:04.217\",\"lastModified\":\"2025-11-03T22:16:36.917\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\"},{\"lang\":\"es\",\"value\":\"La asignaci\u00f3n incorrecta de privilegios en PostgreSQL permite que un usuario de la aplicaci\u00f3n con menos privilegios vea o cambie filas distintas a las previstas. Un ataque requiere que la aplicaci\u00f3n utilice SET ROLE, SET SESSION AUTHORIZATION o una funci\u00f3n equivalente. El problema surge cuando una consulta de la aplicaci\u00f3n utiliza par\u00e1metros del atacante o transmite los resultados de la consulta al atacante. Si esa consulta reacciona a current_setting(\u0027role\u0027) o al ID de usuario actual, puede modificar o devolver datos como si la sesi\u00f3n no hubiera utilizado SET ROLE o SET SESSION AUTHORIZATION. El atacante no controla qu\u00e9 ID de usuario incorrecto se aplica. El texto de la consulta de fuentes con menos privilegios no es un problema aqu\u00ed, porque SET ROLE y SET SESSION AUTHORIZATION no son entornos aislados para consultas no verificadas. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.21\",\"matchCriteriaId\":\"433D59A0-8811-4DDB-A9F7-D85C62F905CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.17\",\"matchCriteriaId\":\"380F8048-FBE5-4606-93A3-915CFD229317\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0\",\"versionEndExcluding\":\"14.14\",\"matchCriteriaId\":\"FACF31C7-3B20-4BAE-A596-9C59D67406D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.9\",\"matchCriteriaId\":\"DF12F1A2-3179-4DAC-B728-038B94954DC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.5\",\"matchCriteriaId\":\"353CBD91-FC28-4DA3-B79A-F4F4DC80FA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:17.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"554F297F-6688-4242-9618-40A3A017D246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:17.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"2012E2E6-9A7A-4EA8-AE7C-5CB3486CE9DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:17.0:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"354785D4-62F8-49C6-BFE6-D7AFEF7BE28F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:17.0:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB5B99AA-AEDF-4730-824E-3A09D47B19DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql:17.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C88EECA-C66E-4FCF-BA4A-7581516B2471\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://www.postgresql.org/support/security/CVE-2024-10978/\",\"source\":\"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:51:39.867Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-10978\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-14T18:53:38.409914Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-14T18:54:19.728Z\"}}], \"cna\": {\"title\": \"PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID\", \"credits\": [{\"lang\": \"en\", \"value\": \"The PostgreSQL project thanks Tom Lane for reporting this problem.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 4.2, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"PostgreSQL\", \"versions\": [{\"status\": \"affected\", \"version\": \"17\", \"lessThan\": \"17.1\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"16\", \"lessThan\": \"16.5\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"15\", \"lessThan\": \"15.9\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"14\", \"lessThan\": \"14.14\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"13\", \"lessThan\": \"13.17\", \"versionType\": \"rpm\"}, {\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"12.21\", \"versionType\": \"rpm\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.postgresql.org/support/security/CVE-2024-10978/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-266\", \"description\": \"Incorrect Privilege Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"shortName\": \"PostgreSQL\", \"dateUpdated\": \"2024-11-14T13:00:07.398Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-10978\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:51:39.867Z\", \"dateReserved\": \"2024-11-07T19:27:03.860Z\", \"assignerOrgId\": \"f86ef6dc-4d3a-42ad-8f28-e6d5547a5007\", \"datePublished\": \"2024-11-14T13:00:07.398Z\", \"assignerShortName\": \"PostgreSQL\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2025-AVI-0106
Vulnerability from certfr_avis - Published: 2025-02-07 - Updated: 2025-02-07
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.x antérieures à 12.0.4 IF2 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.15 | ||
| IBM | Db2 | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 à 4.8 antérieures à v4.8.8 | ||
| IBM | Security QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.15",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 \u00e0 4.8 ant\u00e9rieures \u00e0 v4.8.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2020-21469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21469"
},
{
"name": "CVE-2024-45020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45020"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2023-51714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51714"
},
{
"name": "CVE-2021-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47366"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2024-36361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36361"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2019-9641",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9641"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-49352",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49352"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2020-20703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-20703"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2019-9638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9638"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2019-9639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9639"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2024-46820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46820"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4317"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-45769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45769"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2024-46845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46845"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2019-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9020"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2019-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9023"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-41942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41942"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45770"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48773"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-29736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
},
{
"name": "CVE-2019-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9021"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2023-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52921"
},
{
"name": "CVE-2024-53677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2019-20478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20478"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
},
{
"name": "CVE-2024-32007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-02-07T00:00:00",
"last_revision_date": "2025-02-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182424",
"url": "https://www.ibm.com/support/pages/node/7182424"
},
{
"published_at": "2025-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182335",
"url": "https://www.ibm.com/support/pages/node/7182335"
},
{
"published_at": "2025-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181898",
"url": "https://www.ibm.com/support/pages/node/7181898"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181480",
"url": "https://www.ibm.com/support/pages/node/7181480"
},
{
"published_at": "2025-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182696",
"url": "https://www.ibm.com/support/pages/node/7182696"
}
]
}
CERTFR-2025-AVI-0401
Vulnerability from certfr_avis - Published: 2025-05-14 - Updated: 2025-05-30
De multiples vulnérabilités ont été découvertes dans Juniper Networks Secure Analytics. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Secure Analytics | Juniper Secure Analytics versions 7.5.0 antérieures à 7.5.0 UP11 IF02 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Juniper Secure Analytics versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF02",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2020-21469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21469"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-11187",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11187"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2025-24813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24813"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4317"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-11218",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11218"
},
{
"name": "CVE-2024-10917",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10917"
},
{
"name": "CVE-2024-53197",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53197"
},
{
"name": "CVE-2025-1244",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1244"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-45769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45769"
},
{
"name": "CVE-2024-12085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2024-57807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57807"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2024-1488",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1488"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2025-21785",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21785"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2024-56337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56337"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-45770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45770"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48773"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-57979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57979"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-29736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2024-9823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2024-53677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2024-56463",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56463"
},
{
"name": "CVE-2024-53104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53104"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2024-52337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2024-50379",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50379"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2018-12699",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12699"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2024-32007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-05-14T00:00:00",
"last_revision_date": "2025-05-30T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0401",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-14T00:00:00.000000"
},
{
"description": "Ajouts des identifiants CVE CVE-2017-9047, CVE-2021-37533, CVE-2023-52922, CVE-2024-11218, CVE-2024-50302, CVE-2024-53197, CVE-2024-56171, CVE-2024-57807, CVE-2024-57979, CVE-2025-0624, CVE-2025-21785, CVE-2025-24813, CVE-2025-24928, CVE-2025-27363 et CVE-2025-27516.",
"revision_date": "2025-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Juniper Networks Secure Analytics. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Juniper Networks Secure Analytics",
"vendor_advisories": [
{
"published_at": "2025-05-13",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA98556",
"url": "https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP11-IF03"
}
]
}
CERTFR-2025-AVI-0524
Vulnerability from certfr_avis - Published: 2025-06-19 - Updated: 2025-06-19
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Greenplum | Tanzu Greenplum Data Copy Utility versions antérieures à 2.8.0 | ||
| VMware | Tanzu | Tanzu Data Lake versions antérieures à 1.1.0 | ||
| VMware | Tanzu | Tanzu pour Postgres sur Kubernetes versions antérieures à 4.1.0 et 4.2.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Command Center versions antérieures à 6.14.0 et 7.4.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Backup and Restore versions antérieures à 1.31.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum Streaming Server versions antérieures à 2.1.0 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 6.x antérieures à 6.29.1 | ||
| VMware | Tanzu Greenplum | Tanzu Greenplum versions 7.x antérieures à 7.5.0 | ||
| VMware | Tanzu | VMware Tanzu pour Valkey sur Kubernetes versions antérieures à 1.1.0 et 2.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum Data Copy Utility versions ant\u00e9rieures \u00e0 2.8.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 1.1.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.1.0 et 4.2.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Command Center versions ant\u00e9rieures \u00e0 6.14.0 et 7.4.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Backup and Restore versions ant\u00e9rieures \u00e0 1.31.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum Streaming Server versions ant\u00e9rieures \u00e0 2.1.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 6.x ant\u00e9rieures \u00e0 6.29.1",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Greenplum versions 7.x ant\u00e9rieures \u00e0 7.5.0",
"product": {
"name": "Tanzu Greenplum",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Valkey sur Kubernetes versions ant\u00e9rieures \u00e0 1.1.0 et 2.0.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2019-2126",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2126"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2022-27664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27664"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-1962",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1962"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2021-45943",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45943"
},
{
"name": "CVE-2021-34141",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-2879",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2879"
},
{
"name": "CVE-2022-41715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41715"
},
{
"name": "CVE-2022-2880",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2880"
},
{
"name": "CVE-2023-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
},
{
"name": "CVE-2023-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
},
{
"name": "CVE-2022-30629",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30629"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2022-30580",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30580"
},
{
"name": "CVE-2022-40898",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40898"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2023-2650",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2023-1255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
},
{
"name": "CVE-2023-24540",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
},
{
"name": "CVE-2023-29400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29400"
},
{
"name": "CVE-2023-24539",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24539"
},
{
"name": "CVE-2023-2975",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
},
{
"name": "CVE-2023-3446",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
},
{
"name": "CVE-2023-3817",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
},
{
"name": "CVE-2023-29404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29404"
},
{
"name": "CVE-2023-29402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29402"
},
{
"name": "CVE-2023-29403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29403"
},
{
"name": "CVE-2023-29405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29405"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2023-29409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29409"
},
{
"name": "CVE-2023-29406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29406"
},
{
"name": "CVE-2023-32681",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-5363",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
},
{
"name": "CVE-2023-4807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
},
{
"name": "CVE-2023-4752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
},
{
"name": "CVE-2023-45853",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45853"
},
{
"name": "CVE-2023-5678",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2022-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0543"
},
{
"name": "CVE-2023-4039",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4039"
},
{
"name": "CVE-2021-46848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46848"
},
{
"name": "CVE-2023-4016",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4016"
},
{
"name": "CVE-2023-29383",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29383"
},
{
"name": "CVE-2023-6237",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6237"
},
{
"name": "CVE-2023-39323",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39323"
},
{
"name": "CVE-2023-31484",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31484"
},
{
"name": "CVE-2023-24534",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24534"
},
{
"name": "CVE-2023-6129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
},
{
"name": "CVE-2023-39318",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39318"
},
{
"name": "CVE-2023-39319",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39319"
},
{
"name": "CVE-2024-0727",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0727"
},
{
"name": "CVE-2024-1580",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1580"
},
{
"name": "CVE-2016-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2781"
},
{
"name": "CVE-2023-39326",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39326"
},
{
"name": "CVE-2023-45285",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45285"
},
{
"name": "CVE-2023-45288",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2023-45289",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45289"
},
{
"name": "CVE-2023-45290",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45290"
},
{
"name": "CVE-2024-24783",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24783"
},
{
"name": "CVE-2024-24784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24784"
},
{
"name": "CVE-2024-24785",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24785"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-23807",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-23807"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2023-5752",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5752"
},
{
"name": "CVE-2024-3651",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-26458",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26458"
},
{
"name": "CVE-2024-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26461"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2023-4641",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4641"
},
{
"name": "CVE-2024-22365",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22365"
},
{
"name": "CVE-2024-22667",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
},
{
"name": "CVE-2023-6228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6228"
},
{
"name": "CVE-2023-45287",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45287"
},
{
"name": "CVE-2024-24787",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24787"
},
{
"name": "CVE-2024-24788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24788"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2023-7008",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7008"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2022-48468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48468"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2024-11168",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2024-10963",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
},
{
"name": "CVE-2025-21490",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21490"
},
{
"name": "CVE-2025-21491",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21491"
},
{
"name": "CVE-2025-21497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21497"
},
{
"name": "CVE-2025-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21500"
},
{
"name": "CVE-2025-21501",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21501"
},
{
"name": "CVE-2025-21503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21503"
},
{
"name": "CVE-2025-21505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21505"
},
{
"name": "CVE-2025-21519",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21519"
},
{
"name": "CVE-2025-21522",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21522"
},
{
"name": "CVE-2025-21523",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21523"
},
{
"name": "CVE-2025-21529",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21529"
},
{
"name": "CVE-2025-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21540"
},
{
"name": "CVE-2025-21546",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21546"
},
{
"name": "CVE-2025-21555",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21555"
},
{
"name": "CVE-2025-21559",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21559"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2022-49043",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2023-24531",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24531"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2024-56171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
},
{
"name": "CVE-2022-42967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2025-24928",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-22235",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
},
{
"name": "CVE-2025-31650",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
},
{
"name": "CVE-2025-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2024-55549",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-46701",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
},
{
"name": "CVE-2024-12133",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
},
{
"name": "CVE-2024-12243",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2025-0395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
},
{
"name": "CVE-2025-1390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
},
{
"name": "CVE-2025-31115",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
},
{
"name": "CVE-2012-0880",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0880"
},
{
"name": "CVE-2017-17507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17507"
},
{
"name": "CVE-2017-8806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
},
{
"name": "CVE-2018-10126",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10126"
},
{
"name": "CVE-2018-11205",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11205"
},
{
"name": "CVE-2018-13866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13866"
},
{
"name": "CVE-2018-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13867"
},
{
"name": "CVE-2018-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13868"
},
{
"name": "CVE-2018-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13869"
},
{
"name": "CVE-2018-13870",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13870"
},
{
"name": "CVE-2018-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13871"
},
{
"name": "CVE-2018-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13872"
},
{
"name": "CVE-2018-13874",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13874"
},
{
"name": "CVE-2018-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13875"
},
{
"name": "CVE-2018-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13876"
},
{
"name": "CVE-2018-14031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14031"
},
{
"name": "CVE-2018-14033",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14033"
},
{
"name": "CVE-2018-14034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14034"
},
{
"name": "CVE-2018-14035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14035"
},
{
"name": "CVE-2018-14460",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14460"
},
{
"name": "CVE-2018-15671",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15671"
},
{
"name": "CVE-2018-16438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16438"
},
{
"name": "CVE-2018-17432",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17432"
},
{
"name": "CVE-2018-17433",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17433"
},
{
"name": "CVE-2018-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17434"
},
{
"name": "CVE-2018-17435",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17435"
},
{
"name": "CVE-2018-17436",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17436"
},
{
"name": "CVE-2018-17437",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17437"
},
{
"name": "CVE-2018-17438",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17438"
},
{
"name": "CVE-2018-17439",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17439"
},
{
"name": "CVE-2019-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20005"
},
{
"name": "CVE-2019-20006",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20006"
},
{
"name": "CVE-2019-20007",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20007"
},
{
"name": "CVE-2019-20198",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20198"
},
{
"name": "CVE-2019-20199",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20199"
},
{
"name": "CVE-2019-20200",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20200"
},
{
"name": "CVE-2019-20201",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20201"
},
{
"name": "CVE-2019-20202",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20202"
},
{
"name": "CVE-2019-6988",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6988"
},
{
"name": "CVE-2019-8396",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8396"
},
{
"name": "CVE-2019-8397",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8397"
},
{
"name": "CVE-2019-8398",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8398"
},
{
"name": "CVE-2019-9151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9151"
},
{
"name": "CVE-2019-9152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9152"
},
{
"name": "CVE-2020-10809",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10809"
},
{
"name": "CVE-2020-10810",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10810"
},
{
"name": "CVE-2020-10811",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10811"
},
{
"name": "CVE-2020-10812",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10812"
},
{
"name": "CVE-2020-18232",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18232"
},
{
"name": "CVE-2020-18494",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-18494"
},
{
"name": "CVE-2021-26220",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26220"
},
{
"name": "CVE-2021-26221",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26221"
},
{
"name": "CVE-2021-26222",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26222"
},
{
"name": "CVE-2021-30485",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30485"
},
{
"name": "CVE-2021-31229",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31229"
},
{
"name": "CVE-2021-31347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31347"
},
{
"name": "CVE-2021-31348",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31348"
},
{
"name": "CVE-2021-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31598"
},
{
"name": "CVE-2021-33430",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
},
{
"name": "CVE-2021-37501",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37501"
},
{
"name": "CVE-2021-45829",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45829"
},
{
"name": "CVE-2021-45830",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45830"
},
{
"name": "CVE-2021-45832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45832"
},
{
"name": "CVE-2021-45833",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45833"
},
{
"name": "CVE-2021-46242",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46242"
},
{
"name": "CVE-2021-46243",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46243"
},
{
"name": "CVE-2021-46244",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46244"
},
{
"name": "CVE-2022-25942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25942"
},
{
"name": "CVE-2022-25972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25972"
},
{
"name": "CVE-2022-26061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-26061"
},
{
"name": "CVE-2022-30045",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30045"
},
{
"name": "CVE-2022-4055",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4055"
},
{
"name": "CVE-2022-47655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47655"
},
{
"name": "CVE-2023-0996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0996"
},
{
"name": "CVE-2023-29659",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29659"
},
{
"name": "CVE-2023-32570",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32570"
},
{
"name": "CVE-2023-39328",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39328"
},
{
"name": "CVE-2023-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
},
{
"name": "CVE-2023-51792",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51792"
},
{
"name": "CVE-2023-6879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6879"
},
{
"name": "CVE-2024-27304",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27304"
},
{
"name": "CVE-2024-29157",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29157"
},
{
"name": "CVE-2024-29158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29158"
},
{
"name": "CVE-2024-29159",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29159"
},
{
"name": "CVE-2024-29160",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29160"
},
{
"name": "CVE-2024-29161",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29161"
},
{
"name": "CVE-2024-29162",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29162"
},
{
"name": "CVE-2024-29163",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29163"
},
{
"name": "CVE-2024-29164",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29164"
},
{
"name": "CVE-2024-29165",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29165"
},
{
"name": "CVE-2024-29166",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29166"
},
{
"name": "CVE-2024-32605",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32605"
},
{
"name": "CVE-2024-32606",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32606"
},
{
"name": "CVE-2024-32607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32607"
},
{
"name": "CVE-2024-32608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32608"
},
{
"name": "CVE-2024-32609",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32609"
},
{
"name": "CVE-2024-32610",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32610"
},
{
"name": "CVE-2024-32611",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32611"
},
{
"name": "CVE-2024-32612",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32612"
},
{
"name": "CVE-2024-32613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32613"
},
{
"name": "CVE-2024-32614",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32614"
},
{
"name": "CVE-2024-32615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32615"
},
{
"name": "CVE-2024-32616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32616"
},
{
"name": "CVE-2024-32617",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32617"
},
{
"name": "CVE-2024-32618",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32618"
},
{
"name": "CVE-2024-32619",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32619"
},
{
"name": "CVE-2024-32620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32620"
},
{
"name": "CVE-2024-32621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32621"
},
{
"name": "CVE-2024-32622",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32622"
},
{
"name": "CVE-2024-32623",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32623"
},
{
"name": "CVE-2024-32624",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32624"
},
{
"name": "CVE-2024-33873",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33873"
},
{
"name": "CVE-2024-33874",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33874"
},
{
"name": "CVE-2024-33875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33875"
},
{
"name": "CVE-2024-33876",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33876"
},
{
"name": "CVE-2024-33877",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33877"
},
{
"name": "CVE-2024-34402",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34402"
},
{
"name": "CVE-2024-34403",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34403"
},
{
"name": "CVE-2024-38949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38949"
},
{
"name": "CVE-2024-38950",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38950"
},
{
"name": "CVE-2024-41996",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
},
{
"name": "CVE-2024-45993",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45993"
},
{
"name": "CVE-2024-46981",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46981"
},
{
"name": "CVE-2024-49203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49203"
},
{
"name": "CVE-2024-5171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5171"
},
{
"name": "CVE-2024-51741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51741"
},
{
"name": "CVE-2024-52522",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52522"
},
{
"name": "CVE-2024-52616",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52616"
},
{
"name": "CVE-2024-53427",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
},
{
"name": "CVE-2024-53920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
},
{
"name": "CVE-2024-56378",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56378"
},
{
"name": "CVE-2024-56406",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56406"
},
{
"name": "CVE-2024-56826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56826"
},
{
"name": "CVE-2024-56827",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56827"
},
{
"name": "CVE-2024-6716",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6716"
},
{
"name": "CVE-2025-2153",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2153"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-23022",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23022"
},
{
"name": "CVE-2025-24528",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
},
{
"name": "CVE-2025-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
}
],
"initial_release_date": "2025-06-19T00:00:00",
"last_revision_date": "2025-06-19T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0524",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35841",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35841"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35844",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35844"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35843",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35843"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35842",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35842"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35846",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35846"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35849",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35849"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35840",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35840"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35847",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35847"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35839",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35839"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35845",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35845"
},
{
"published_at": "2025-06-18",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35848",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35848"
}
]
}
CERTFR-2025-AVI-0580
Vulnerability from certfr_avis - Published: 2025-07-10 - Updated: 2025-07-10
De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 7.5.0",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Tanzu Gemfire versions ant\u00e9rieures \u00e0 9.15.16",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2022-41862",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2022-42967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42967"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2025-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-1094"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
}
],
"initial_release_date": "2025-07-10T00:00:00",
"last_revision_date": "2025-07-10T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0580",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
"vendor_advisories": [
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35894",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35894"
},
{
"published_at": "2025-07-09",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35929",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35929"
}
]
}
CERTFR-2025-AVI-1036
Vulnerability from certfr_avis - Published: 2025-11-24 - Updated: 2025-11-24
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Tanzu Kubernetes Runtime | App Metrics versions antérieures à 2.3.2 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Noble) versions antérieures à 1.126.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Platform Services | Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Metric Store versions antérieures à 1.8.1 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu | VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Windows) versions antérieures à 2019.92.x | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5 | ||
| VMware | Tanzu Kubernetes Runtime | Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1 | ||
| VMware | Tanzu Kubernetes Runtime | Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Platform Services",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
"product": {
"name": "Tanzu",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
"product": {
"name": "Tanzu Kubernetes Runtime",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
},
{
"name": "CVE-2025-58183",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
},
{
"name": "CVE-2025-22872",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
},
{
"name": "CVE-2025-13425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
},
{
"name": "CVE-2025-0913",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
},
{
"name": "CVE-2025-47907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
},
{
"name": "CVE-2025-6069",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2025-4330",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
},
{
"name": "CVE-2025-58185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
},
{
"name": "CVE-2024-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
},
{
"name": "CVE-2025-4138",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
},
{
"name": "CVE-2024-24791",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
},
{
"name": "CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2024-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
},
{
"name": "CVE-2022-40897",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
},
{
"name": "CVE-2025-0938",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
},
{
"name": "CVE-2025-64329",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
},
{
"name": "CVE-2025-22866",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
},
{
"name": "CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"name": "CVE-2023-27043",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-50182",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
},
{
"name": "CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"name": "CVE-2025-8194",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
},
{
"name": "CVE-2025-50181",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
},
{
"name": "CVE-2025-4517",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
},
{
"name": "CVE-2025-58188",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
},
{
"name": "CVE-2025-4674",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
},
{
"name": "CVE-2022-29526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
},
{
"name": "CVE-2025-4435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
},
{
"name": "CVE-2024-45336",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
},
{
"name": "CVE-2025-52881",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
},
{
"name": "CVE-2024-5535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
},
{
"name": "CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"name": "CVE-2024-12718",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
},
{
"name": "CVE-2025-61724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
},
{
"name": "CVE-2025-61723",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-61795",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-7254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
},
{
"name": "CVE-2025-61725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-22874",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
},
{
"name": "CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"name": "CVE-2025-47912",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
},
{
"name": "CVE-2024-7592",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
},
{
"name": "CVE-2025-58186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
},
{
"name": "CVE-2025-58187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
},
{
"name": "CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"name": "CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"name": "CVE-2025-59530",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
},
{
"name": "CVE-2024-47081",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
},
{
"name": "CVE-2025-40300",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-25621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
},
{
"name": "CVE-2024-12254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
},
{
"name": "CVE-2025-8114",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
},
{
"name": "CVE-2025-4516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
},
{
"name": "CVE-2025-58058",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2025-58189",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2025-61748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
},
{
"name": "CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2024-4032",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2025-53057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
},
{
"name": "CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"name": "CVE-2025-53066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
},
{
"name": "CVE-2024-24789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-49014",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
},
{
"name": "CVE-2025-5981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
},
{
"name": "CVE-2024-6923",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
},
{
"name": "CVE-2024-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
},
{
"name": "CVE-2025-11226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
}
],
"initial_release_date": "2025-11-24T00:00:00",
"last_revision_date": "2025-11-24T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-1036",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
},
{
"published_at": "2025-11-24",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
},
{
"published_at": "2025-11-23",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
}
]
}
CERTFR-2026-AVI-0109
Vulnerability from certfr_avis - Published: 2026-01-30 - Updated: 2026-01-30
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | QRadar | QRadar User Behavior Analytics versions antérieures à 5.1.0 | ||
| IBM | Tivoli | Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de sécurité | ||
| IBM | Db2 | Db2 versions 12.1.x antérieures à 12.1.2 sans le correctif de sécurité #72296 | ||
| IBM | Db2 | DB2 Data Management Console versions 3.1.1x antérieures à 3.1.13.2 | ||
| IBM | WebSphere | WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | WebSphere | WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 versions 11.5.x antérieures à 11.5.9 sans le correctif de sécurité #66394 | ||
| IBM | Db2 | Db2 version 12.1.3 sans le correctif de sécurité #71609 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 antérieures à 8.3 sur Cloud Pak for Data 5.3 | ||
| IBM | WebSphere | WebSphere Application Server Liberty versions 17.0.0.3 à 26.0.0.1 sans le correctif de sécurité PH69485 ou antérieures à 26.0.0.2 (disponibilité prévue pour le premier trimestre 2026) | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP14 IF04 | ||
| IBM | Db2 | Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 antérieures à 8.3 sur Cloud Pak for Data 5.3 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "QRadar User Behavior Analytics versions ant\u00e9rieures \u00e0 5.1.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Application Dependency Discovery Manager version 7.3.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 12.1.x ant\u00e9rieures \u00e0 12.1.2 sans le correctif de s\u00e9curit\u00e9 #72296",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "DB2 Data Management Console versions 3.1.1x ant\u00e9rieures \u00e0 3.1.13.2",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 9.0 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server version 8.5 avec IBM SDK, Java Technology Edition Version 8 SR8 FP 60",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.8 sur Cloud Pak for Data 5.1 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 versions 11.5.x ant\u00e9rieures \u00e0 11.5.9 sans le correctif de s\u00e9curit\u00e9 #66394",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 version 12.1.3 sans le correctif de s\u00e9curit\u00e9 #71609",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.6 sur Cloud Pak for Data 4.8 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 8.2 sur Cloud Pak for Data 5.2 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 26.0.0.1 sans le correctif de s\u00e9curit\u00e9 PH69485 ou ant\u00e9rieures \u00e0 26.0.0.2 (disponibilit\u00e9 pr\u00e9vue pour le premier trimestre 2026)",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP14 IF04",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Big SQL on Cloud Pak for Data versions 7.7 sur Cloud Pak for Data 5.0 ant\u00e9rieures \u00e0 8.3 sur Cloud Pak for Data 5.3",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-2534",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2534"
},
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2022-2596",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2596"
},
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
},
{
"name": "CVE-2025-46762",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
},
{
"name": "CVE-2025-36131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36131"
},
{
"name": "CVE-2025-56200",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2019-9515",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9515"
},
{
"name": "CVE-2025-36384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36384"
},
{
"name": "CVE-2024-47118",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47118"
},
{
"name": "CVE-2025-36184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36184"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2025-48050",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
},
{
"name": "CVE-2025-24970",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
},
{
"name": "CVE-2019-9514",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9514"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2024-13009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
},
{
"name": "CVE-2025-57810",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-57810"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2025-58057",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
},
{
"name": "CVE-2026-21925",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
},
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
},
{
"name": "CVE-2025-36136",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36136"
},
{
"name": "CVE-2024-38809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38809"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2022-33987",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-33987"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-51744",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2025-36006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36006"
},
{
"name": "CVE-2024-48949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
},
{
"name": "CVE-2025-36186",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36186"
},
{
"name": "CVE-2025-7783",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2025-6493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6493"
},
{
"name": "CVE-2025-33012",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33012"
},
{
"name": "CVE-2024-48948",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
},
{
"name": "CVE-2025-64720",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2022-37601",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
},
{
"name": "CVE-2025-25977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25977"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2025-11083",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
},
{
"name": "CVE-2024-6763",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-65018",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
},
{
"name": "CVE-2025-55163",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
},
{
"name": "CVE-2025-54313",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-54313"
},
{
"name": "CVE-2025-66293",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
},
{
"name": "CVE-2025-58457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58457"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2022-22968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22968"
},
{
"name": "CVE-2025-39697",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39697"
},
{
"name": "CVE-2025-29907",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29907"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2025-9086",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2021-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23413"
},
{
"name": "CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"name": "CVE-2025-39971",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
},
{
"name": "CVE-2019-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9517"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2025-58056",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
},
{
"name": "CVE-2022-25881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25881"
},
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
},
{
"name": "CVE-2024-57965",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57965"
},
{
"name": "CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2025-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
},
{
"name": "CVE-2026-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2025-5889",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2025-14914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14914"
},
{
"name": "CVE-2025-27789",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
},
{
"name": "CVE-2025-48924",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
},
{
"name": "CVE-2024-47072",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47072"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2025-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27363"
},
{
"name": "CVE-2022-37599",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2019-9512",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9512"
},
{
"name": "CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2025-33134",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-33134"
},
{
"name": "CVE-2019-9513",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9513"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2024-38816",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
},
{
"name": "CVE-2022-25858",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25858"
},
{
"name": "CVE-2024-57699",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2025-36185",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-36185"
},
{
"name": "CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
}
],
"initial_release_date": "2026-01-30T00:00:00",
"last_revision_date": "2026-01-30T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0109",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 5691194",
"url": "https://www.ibm.com/support/pages/node/5691194"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258104",
"url": "https://www.ibm.com/support/pages/node/7258104"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258234",
"url": "https://www.ibm.com/support/pages/node/7258234"
},
{
"published_at": "2026-01-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258110",
"url": "https://www.ibm.com/support/pages/node/7258110"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257910",
"url": "https://www.ibm.com/support/pages/node/7257910"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257899",
"url": "https://www.ibm.com/support/pages/node/7257899"
},
{
"published_at": "2026-01-26",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258042",
"url": "https://www.ibm.com/support/pages/node/7258042"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257904",
"url": "https://www.ibm.com/support/pages/node/7257904"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257903",
"url": "https://www.ibm.com/support/pages/node/7257903"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257901",
"url": "https://www.ibm.com/support/pages/node/7257901"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257898",
"url": "https://www.ibm.com/support/pages/node/7257898"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257900",
"url": "https://www.ibm.com/support/pages/node/7257900"
},
{
"published_at": "2026-01-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257978",
"url": "https://www.ibm.com/support/pages/node/7257978"
},
{
"published_at": "2026-01-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257902",
"url": "https://www.ibm.com/support/pages/node/7257902"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257519",
"url": "https://www.ibm.com/support/pages/node/7257519"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258331",
"url": "https://www.ibm.com/support/pages/node/7258331"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257633",
"url": "https://www.ibm.com/support/pages/node/7257633"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258232",
"url": "https://www.ibm.com/support/pages/node/7258232"
},
{
"published_at": "2026-01-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7258224",
"url": "https://www.ibm.com/support/pages/node/7258224"
},
{
"published_at": "2026-01-29",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7257678",
"url": "https://www.ibm.com/support/pages/node/7257678"
}
]
}
FKIE_CVE-2024-10978
Vulnerability from fkie_nvd - Published: 2024-11-14 13:15 - Updated: 2025-11-03 22:16
Severity ?
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
4.2 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
References
| URL | Tags | ||
|---|---|---|---|
| f86ef6dc-4d3a-42ad-8f28-e6d5547a5007 | https://www.postgresql.org/support/security/CVE-2024-10978/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html | Mailing List | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org | Mailing List |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | * | |
| postgresql | postgresql | 17.0 | |
| postgresql | postgresql | 17.0 | |
| postgresql | postgresql | 17.0 | |
| postgresql | postgresql | 17.0 | |
| postgresql | postgresql | 17.0 | |
| debian | debian_linux | 11.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "433D59A0-8811-4DDB-A9F7-D85C62F905CC",
"versionEndExcluding": "12.21",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "380F8048-FBE5-4606-93A3-915CFD229317",
"versionEndExcluding": "13.17",
"versionStartIncluding": "13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FACF31C7-3B20-4BAE-A596-9C59D67406D8",
"versionEndExcluding": "14.14",
"versionStartIncluding": "14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF12F1A2-3179-4DAC-B728-038B94954DC7",
"versionEndExcluding": "15.9",
"versionStartIncluding": "15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"matchCriteriaId": "353CBD91-FC28-4DA3-B79A-F4F4DC80FA93",
"versionEndExcluding": "16.5",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:-:*:*:*:*:*:*",
"matchCriteriaId": "554F297F-6688-4242-9618-40A3A017D246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "2012E2E6-9A7A-4EA8-AE7C-5CB3486CE9DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "354785D4-62F8-49C6-BFE6-D7AFEF7BE28F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "EB5B99AA-AEDF-4730-824E-3A09D47B19DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:17.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "9C88EECA-C66E-4FCF-BA4A-7581516B2471",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected."
},
{
"lang": "es",
"value": "La asignaci\u00f3n incorrecta de privilegios en PostgreSQL permite que un usuario de la aplicaci\u00f3n con menos privilegios vea o cambie filas distintas a las previstas. Un ataque requiere que la aplicaci\u00f3n utilice SET ROLE, SET SESSION AUTHORIZATION o una funci\u00f3n equivalente. El problema surge cuando una consulta de la aplicaci\u00f3n utiliza par\u00e1metros del atacante o transmite los resultados de la consulta al atacante. Si esa consulta reacciona a current_setting(\u0027role\u0027) o al ID de usuario actual, puede modificar o devolver datos como si la sesi\u00f3n no hubiera utilizado SET ROLE o SET SESSION AUTHORIZATION. El atacante no controla qu\u00e9 ID de usuario incorrecto se aplica. El texto de la consulta de fuentes con menos privilegios no es un problema aqu\u00ed, porque SET ROLE y SET SESSION AUTHORIZATION no son entornos aislados para consultas no verificadas. Las versiones anteriores a PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17 y 12.21 se ven afectadas."
}
],
"id": "CVE-2024-10978",
"lastModified": "2025-11-03T22:16:36.917",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-11-14T13:15:04.217",
"references": [
{
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"tags": [
"Vendor Advisory"
],
"url": "https://www.postgresql.org/support/security/CVE-2024-10978/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org"
}
],
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-266"
}
],
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-37V9-JH5M-F5PG
Vulnerability from github – Published: 2024-11-14 15:32 – Updated: 2025-11-04 00:32
VLAI?
Details
Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting('role') or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.
Severity ?
4.2 (Medium)
{
"affected": [],
"aliases": [
"CVE-2024-10978"
],
"database_specific": {
"cwe_ids": [
"CWE-266"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-14T13:15:04Z",
"severity": "MODERATE"
},
"details": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"id": "GHSA-37v9-jh5m-f5pg",
"modified": "2025-11-04T00:32:03Z",
"published": "2024-11-14T15:32:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10978"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00011.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00018.html"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/message-id/173171334532.1547978.1518068370217143844%40wrigleys.postgresql.org"
},
{
"type": "WEB",
"url": "https://www.postgresql.org/support/security/CVE-2024-10978"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2024-10978
Vulnerability from csaf_microsoft - Published: 2024-11-02 00:00 - Updated: 2026-02-18 14:33Summary
PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
4.2 (Medium)
Affected products
Fixed
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17174-17086 | — | ||
| Unresolved product id: 17566-17084 | — | ||
| Unresolved product id: 19831-17086 | — | ||
| Unresolved product id: 19835-17084 | — | ||
| Unresolved product id: 17259-17086 | — |
Known affected
5 products
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2024/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2024-10978 PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-10978.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID",
"tracking": {
"current_release_date": "2026-02-18T14:33:13.000Z",
"generator": {
"date": "2026-02-21T01:16:03.533Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2024-10978",
"initial_release_date": "2024-11-02T00:00:00.000Z",
"revision_history": [
{
"date": "2024-11-23T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-11-26T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added postgresql to Azure Linux 3.0\nAdded postgresql to CBL-Mariner 2.0"
},
{
"date": "2026-02-18T14:33:13.000Z",
"legacy_version": "2",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 postgresql 14.14-1",
"product": {
"name": "\u003ccbl2 postgresql 14.14-1",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 postgresql 14.14-1",
"product": {
"name": "cbl2 postgresql 14.14-1",
"product_id": "17174"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 postgresql 16.5-1",
"product": {
"name": "\u003cazl3 postgresql 16.5-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 postgresql 16.5-1",
"product": {
"name": "azl3 postgresql 16.5-1",
"product_id": "17566"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 postgresql 14.13-1",
"product": {
"name": "\u003ccbl2 postgresql 14.13-1",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 postgresql 14.13-1",
"product": {
"name": "cbl2 postgresql 14.13-1",
"product_id": "19831"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 postgresql 16.4-2",
"product": {
"name": "\u003cazl3 postgresql 16.4-2",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "azl3 postgresql 16.4-2",
"product": {
"name": "azl3 postgresql 16.4-2",
"product_id": "19835"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 postgresql 14.13-1",
"product": {
"name": "\u003ccbl2 postgresql 14.13-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 postgresql 14.13-1",
"product": {
"name": "cbl2 postgresql 14.13-1",
"product_id": "17259"
}
}
],
"category": "product_name",
"name": "postgresql"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 postgresql 14.14-1 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 postgresql 14.14-1 as a component of CBL Mariner 2.0",
"product_id": "17174-17086"
},
"product_reference": "17174",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 postgresql 16.5-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 postgresql 16.5-1 as a component of Azure Linux 3.0",
"product_id": "17566-17084"
},
"product_reference": "17566",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 postgresql 14.13-1 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 postgresql 14.13-1 as a component of CBL Mariner 2.0",
"product_id": "19831-17086"
},
"product_reference": "19831",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 postgresql 16.4-2 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 postgresql 16.4-2 as a component of Azure Linux 3.0",
"product_id": "19835-17084"
},
"product_reference": "19835",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 postgresql 14.13-1 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 postgresql 14.13-1 as a component of CBL Mariner 2.0",
"product_id": "17259-17086"
},
"product_reference": "17259",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10978",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "general",
"text": "PostgreSQL",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"17174-17086",
"17566-17084",
"19831-17086",
"19835-17084",
"17259-17086"
],
"known_affected": [
"17086-5",
"17084-3",
"17086-2",
"17084-1",
"17086-4"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-10978 PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-10978.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2024-11-23T00:00:00.000Z",
"details": "14.14-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5",
"17086-2",
"17086-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2024-11-23T00:00:00.000Z",
"details": "16.5-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-3",
"17084-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"temporalScore": 4.2,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"17086-5",
"17084-3",
"17086-2",
"17084-1",
"17086-4"
]
}
],
"title": "PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID"
}
]
}
OPENSUSE-SU-2024:14501-1
Vulnerability from csaf_opensuse - Published: 2024-11-15 00:00 - Updated: 2024-11-15 00:00Summary
postgresql12-12.21-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: postgresql12-12.21-1.1 on GA media
Description of the patch: These are all security issues fixed in the postgresql12-12.21-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-14501
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4.2 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.8 (High)
Affected products
Recommended
48 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
14 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2024-10976/ | self |
| https://www.suse.com/security/cve/CVE-2024-10977/ | self |
| https://www.suse.com/security/cve/CVE-2024-10978/ | self |
| https://www.suse.com/security/cve/CVE-2024-10979/ | self |
| https://www.suse.com/security/cve/CVE-2024-10976 | external |
| https://bugzilla.suse.com/1233323 | external |
| https://www.suse.com/security/cve/CVE-2024-10977 | external |
| https://bugzilla.suse.com/1233325 | external |
| https://www.suse.com/security/cve/CVE-2024-10978 | external |
| https://bugzilla.suse.com/1233326 | external |
| https://www.suse.com/security/cve/CVE-2024-10979 | external |
| https://bugzilla.suse.com/1233327 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "postgresql12-12.21-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the postgresql12-12.21-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-14501",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_14501-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-10976 page",
"url": "https://www.suse.com/security/cve/CVE-2024-10976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-10977 page",
"url": "https://www.suse.com/security/cve/CVE-2024-10977/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-10978 page",
"url": "https://www.suse.com/security/cve/CVE-2024-10978/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-10979 page",
"url": "https://www.suse.com/security/cve/CVE-2024-10979/"
}
],
"title": "postgresql12-12.21-1.1 on GA media",
"tracking": {
"current_release_date": "2024-11-15T00:00:00Z",
"generator": {
"date": "2024-11-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:14501-1",
"initial_release_date": "2024-11-15T00:00:00Z",
"revision_history": [
{
"date": "2024-11-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql12-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-12.21-1.1.aarch64",
"product_id": "postgresql12-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-contrib-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-contrib-12.21-1.1.aarch64",
"product_id": "postgresql12-contrib-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-devel-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-devel-12.21-1.1.aarch64",
"product_id": "postgresql12-devel-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-docs-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-docs-12.21-1.1.aarch64",
"product_id": "postgresql12-docs-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-llvmjit-12.21-1.1.aarch64",
"product_id": "postgresql12-llvmjit-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"product_id": "postgresql12-llvmjit-devel-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-plperl-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-plperl-12.21-1.1.aarch64",
"product_id": "postgresql12-plperl-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-plpython-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-plpython-12.21-1.1.aarch64",
"product_id": "postgresql12-plpython-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-pltcl-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-pltcl-12.21-1.1.aarch64",
"product_id": "postgresql12-pltcl-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-server-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-server-12.21-1.1.aarch64",
"product_id": "postgresql12-server-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-server-devel-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-server-devel-12.21-1.1.aarch64",
"product_id": "postgresql12-server-devel-12.21-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "postgresql12-test-12.21-1.1.aarch64",
"product": {
"name": "postgresql12-test-12.21-1.1.aarch64",
"product_id": "postgresql12-test-12.21-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql12-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-12.21-1.1.ppc64le",
"product_id": "postgresql12-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-contrib-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-contrib-12.21-1.1.ppc64le",
"product_id": "postgresql12-contrib-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-devel-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-devel-12.21-1.1.ppc64le",
"product_id": "postgresql12-devel-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-docs-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-docs-12.21-1.1.ppc64le",
"product_id": "postgresql12-docs-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-llvmjit-12.21-1.1.ppc64le",
"product_id": "postgresql12-llvmjit-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"product_id": "postgresql12-llvmjit-devel-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-plperl-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-plperl-12.21-1.1.ppc64le",
"product_id": "postgresql12-plperl-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-plpython-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-plpython-12.21-1.1.ppc64le",
"product_id": "postgresql12-plpython-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-pltcl-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-pltcl-12.21-1.1.ppc64le",
"product_id": "postgresql12-pltcl-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-server-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-server-12.21-1.1.ppc64le",
"product_id": "postgresql12-server-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-server-devel-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-server-devel-12.21-1.1.ppc64le",
"product_id": "postgresql12-server-devel-12.21-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "postgresql12-test-12.21-1.1.ppc64le",
"product": {
"name": "postgresql12-test-12.21-1.1.ppc64le",
"product_id": "postgresql12-test-12.21-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql12-12.21-1.1.s390x",
"product": {
"name": "postgresql12-12.21-1.1.s390x",
"product_id": "postgresql12-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-contrib-12.21-1.1.s390x",
"product": {
"name": "postgresql12-contrib-12.21-1.1.s390x",
"product_id": "postgresql12-contrib-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-devel-12.21-1.1.s390x",
"product": {
"name": "postgresql12-devel-12.21-1.1.s390x",
"product_id": "postgresql12-devel-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-docs-12.21-1.1.s390x",
"product": {
"name": "postgresql12-docs-12.21-1.1.s390x",
"product_id": "postgresql12-docs-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-12.21-1.1.s390x",
"product": {
"name": "postgresql12-llvmjit-12.21-1.1.s390x",
"product_id": "postgresql12-llvmjit-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-devel-12.21-1.1.s390x",
"product": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.s390x",
"product_id": "postgresql12-llvmjit-devel-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-plperl-12.21-1.1.s390x",
"product": {
"name": "postgresql12-plperl-12.21-1.1.s390x",
"product_id": "postgresql12-plperl-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-plpython-12.21-1.1.s390x",
"product": {
"name": "postgresql12-plpython-12.21-1.1.s390x",
"product_id": "postgresql12-plpython-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-pltcl-12.21-1.1.s390x",
"product": {
"name": "postgresql12-pltcl-12.21-1.1.s390x",
"product_id": "postgresql12-pltcl-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-server-12.21-1.1.s390x",
"product": {
"name": "postgresql12-server-12.21-1.1.s390x",
"product_id": "postgresql12-server-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-server-devel-12.21-1.1.s390x",
"product": {
"name": "postgresql12-server-devel-12.21-1.1.s390x",
"product_id": "postgresql12-server-devel-12.21-1.1.s390x"
}
},
{
"category": "product_version",
"name": "postgresql12-test-12.21-1.1.s390x",
"product": {
"name": "postgresql12-test-12.21-1.1.s390x",
"product_id": "postgresql12-test-12.21-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "postgresql12-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-12.21-1.1.x86_64",
"product_id": "postgresql12-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-contrib-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-contrib-12.21-1.1.x86_64",
"product_id": "postgresql12-contrib-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-devel-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-devel-12.21-1.1.x86_64",
"product_id": "postgresql12-devel-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-docs-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-docs-12.21-1.1.x86_64",
"product_id": "postgresql12-docs-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-llvmjit-12.21-1.1.x86_64",
"product_id": "postgresql12-llvmjit-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"product_id": "postgresql12-llvmjit-devel-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-plperl-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-plperl-12.21-1.1.x86_64",
"product_id": "postgresql12-plperl-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-plpython-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-plpython-12.21-1.1.x86_64",
"product_id": "postgresql12-plpython-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-pltcl-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-pltcl-12.21-1.1.x86_64",
"product_id": "postgresql12-pltcl-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-server-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-server-12.21-1.1.x86_64",
"product_id": "postgresql12-server-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-server-devel-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-server-devel-12.21-1.1.x86_64",
"product_id": "postgresql12-server-devel-12.21-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "postgresql12-test-12.21-1.1.x86_64",
"product": {
"name": "postgresql12-test-12.21-1.1.x86_64",
"product_id": "postgresql12-test-12.21-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x"
},
"product_reference": "postgresql12-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-contrib-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-contrib-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-contrib-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-contrib-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-contrib-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x"
},
"product_reference": "postgresql12-contrib-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-contrib-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-contrib-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-devel-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-devel-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-devel-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-devel-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-devel-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x"
},
"product_reference": "postgresql12-devel-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-devel-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-devel-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-docs-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-docs-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-docs-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-docs-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-docs-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x"
},
"product_reference": "postgresql12-docs-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-docs-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-docs-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-llvmjit-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-llvmjit-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x"
},
"product_reference": "postgresql12-llvmjit-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-llvmjit-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x"
},
"product_reference": "postgresql12-llvmjit-devel-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-llvmjit-devel-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plperl-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-plperl-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plperl-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-plperl-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plperl-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x"
},
"product_reference": "postgresql12-plperl-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plperl-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-plperl-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plpython-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-plpython-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plpython-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-plpython-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plpython-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x"
},
"product_reference": "postgresql12-plpython-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-plpython-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-plpython-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-pltcl-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-pltcl-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-pltcl-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-pltcl-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-pltcl-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x"
},
"product_reference": "postgresql12-pltcl-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-pltcl-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-pltcl-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-server-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-server-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x"
},
"product_reference": "postgresql12-server-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-server-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-devel-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-server-devel-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-devel-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-server-devel-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-devel-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x"
},
"product_reference": "postgresql12-server-devel-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-server-devel-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-server-devel-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-test-12.21-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64"
},
"product_reference": "postgresql12-test-12.21-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-test-12.21-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le"
},
"product_reference": "postgresql12-test-12.21-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-test-12.21-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x"
},
"product_reference": "postgresql12-test-12.21-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql12-test-12.21-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
},
"product_reference": "postgresql12-test-12.21-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-10976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-10976"
}
],
"notes": [
{
"category": "general",
"text": "Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invoker view, or SQL-language function references a table with a row-level security policy. This has the same consequences as the two earlier CVEs. That is to say, it leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy. An attacker must tailor an attack to a particular application\u0027s pattern of query plan reuse, user ID changes, and role-specific row security policies. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-10976",
"url": "https://www.suse.com/security/cve/CVE-2024-10976"
},
{
"category": "external",
"summary": "SUSE Bug 1233323 for CVE-2024-10976",
"url": "https://bugzilla.suse.com/1233323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-10976"
},
{
"cve": "CVE-2024-10977",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-10977"
}
],
"notes": [
{
"category": "general",
"text": "Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistakes for valid query results. This is probably not a concern for clients where the user interface unambiguously indicates the boundary between one error message and other text. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-10977",
"url": "https://www.suse.com/security/cve/CVE-2024-10977"
},
{
"category": "external",
"summary": "SUSE Bug 1233325 for CVE-2024-10977",
"url": "https://bugzilla.suse.com/1233325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-10977"
},
{
"cve": "CVE-2024-10978",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-10978"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The problem arises when an application query uses parameters from the attacker or conveys query results to the attacker. If that query reacts to current_setting(\u0027role\u0027) or the current user ID, it may modify or return data as though the session had not used SET ROLE or SET SESSION AUTHORIZATION. The attacker does not control which incorrect user ID applies. Query text from less-privileged sources is not a concern here, because SET ROLE and SET SESSION AUTHORIZATION are not sandboxes for unvetted queries. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-10978",
"url": "https://www.suse.com/security/cve/CVE-2024-10978"
},
{
"category": "external",
"summary": "SUSE Bug 1233326 for CVE-2024-10978",
"url": "https://bugzilla.suse.com/1233326"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2024-10978"
},
{
"cve": "CVE-2024-10979",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-10979"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user. Versions before PostgreSQL 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21 are affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-10979",
"url": "https://www.suse.com/security/cve/CVE-2024-10979"
},
{
"category": "external",
"summary": "SUSE Bug 1233327 for CVE-2024-10979",
"url": "https://bugzilla.suse.com/1233327"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:postgresql12-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-contrib-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-docs-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-llvmjit-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plperl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-plpython-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-pltcl-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-server-devel-12.21-1.1.x86_64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.aarch64",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.ppc64le",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.s390x",
"openSUSE Tumbleweed:postgresql12-test-12.21-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-11-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2024-10979"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…