Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-35255 (GCVE-0-2022-35255)
Vulnerability from cvelistv5 – Published: 2022-12-05 00:00 – Updated: 2025-04-30 05:48
VLAI
EPSS
Summary
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
Severity
9.1 (Critical)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NodeJS | Node |
Affected:
4.0 , < 4.*
(semver)
Affected: 5.0 , < 5.* (semver) Affected: 6.0 , < 6.* (semver) Affected: 7.0 , < 7.* (semver) Affected: 8.0 , < 8.* (semver) Affected: 9.0 , < 9.* (semver) Affected: 10.0 , < 10.* (semver) Affected: 11.0 , < 11.* (semver) Affected: 12.0 , < 12.* (semver) Affected: 13.0 , < 13.* (semver) Affected: 15.0 , < 15.* (semver) Affected: 17.0 , < 17.* (semver) Affected: 18.0 , < 18.9.1 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://hackerone.com/reports/1690000"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230113-0002/"
},
{
"name": "DSA-5326",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-35255",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T13:23:49.139648Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T13:24:14.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Node",
"vendor": "NodeJS",
"versions": [
{
"lessThan": "4.*",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.*",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "6.*",
"status": "affected",
"version": "6.0",
"versionType": "semver"
},
{
"lessThan": "7.*",
"status": "affected",
"version": "7.0",
"versionType": "semver"
},
{
"lessThan": "8.*",
"status": "affected",
"version": "8.0",
"versionType": "semver"
},
{
"lessThan": "9.*",
"status": "affected",
"version": "9.0",
"versionType": "semver"
},
{
"lessThan": "10.*",
"status": "affected",
"version": "10.0",
"versionType": "semver"
},
{
"lessThan": "11.*",
"status": "affected",
"version": "11.0",
"versionType": "semver"
},
{
"lessThan": "12.*",
"status": "affected",
"version": "12.0",
"versionType": "semver"
},
{
"lessThan": "13.*",
"status": "affected",
"version": "13.0",
"versionType": "semver"
},
{
"lessThan": "15.*",
"status": "affected",
"version": "15.0",
"versionType": "semver"
},
{
"lessThan": "17.*",
"status": "affected",
"version": "17.0",
"versionType": "semver"
},
{
"lessThan": "18.9.1",
"status": "affected",
"version": "18.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-30T05:48:45.486Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://hackerone.com/reports/1690000"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230113-0002/"
},
{
"name": "DSA-5326",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5326"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2022-35255",
"datePublished": "2022-12-05T00:00:00.000Z",
"dateReserved": "2022-07-06T00:00:00.000Z",
"dateUpdated": "2025-04-30T05:48:45.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-35255",
"date": "2026-05-29",
"epss": "0.01151",
"percentile": "0.78803"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-35255\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2022-12-05T22:15:10.513\",\"lastModified\":\"2025-04-24T14:15:32.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.\"},{\"lang\":\"es\",\"value\":\"Existe una aleatoriedad d\u00e9bil en la vulnerabilidad keygen de WebCrypto en Node.js 18 debido a un cambio con EntropySource() en SecretKeyGenTraits::DoKeyGen() en src/crypto/crypto_keygen.cc. Hay dos problemas con esto: 1) No verifica el valor de retorno, asume que EntropySource() siempre tiene \u00e9xito, pero puede (y a veces fallar\u00e1). 2) Los datos aleatorios devueltos por EntropySource() pueden no ser criptogr\u00e1ficamente s\u00f3lidos y, por lo tanto, no son adecuados como material de claves.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.14.0\",\"matchCriteriaId\":\"E47572BB-0E1B-4F93-BCE9-45E03CFD65BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"16.0.0\",\"versionEndIncluding\":\"16.12.0\",\"matchCriteriaId\":\"1D1D0CEC-62E5-4368-B8F2-1DA5DD0B88FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*\",\"versionStartIncluding\":\"16.13.0\",\"versionEndExcluding\":\"16.17.1\",\"matchCriteriaId\":\"09BD0FC2-5AA1-4A22-8432-A2EEA314FE09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*\",\"versionStartIncluding\":\"18.0.0\",\"versionEndExcluding\":\"18.9.1\",\"matchCriteriaId\":\"DA8C00DD-A6E5-4E3D-8DD4-F4B51F5C208A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.0\",\"matchCriteriaId\":\"C89891C1-DFD7-4E1F-80A9-7485D86A15B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"4664B195-AF14-4834-82B3-0B2C98020EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"75BC588E-CDF0-404E-AD61-02093A1DF343\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"A334F7B4-7283-4453-BAED-D2E01B7F8A6E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1690000\",\"source\":\"support@hackerone.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230113-0002/\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5326\",\"source\":\"support@hackerone.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://hackerone.com/reports/1690000\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20230113-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://hackerone.com/reports/1690000\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230113-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5326\", \"name\": \"DSA-5326\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T09:29:17.447Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-35255\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-24T13:23:49.139648Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-24T13:24:08.331Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"NodeJS\", \"product\": \"Node\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.0\", \"lessThan\": \"4.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"5.0\", \"lessThan\": \"5.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"6.0\", \"lessThan\": \"6.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"7.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"8.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"9.0\", \"lessThan\": \"9.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"10.0\", \"lessThan\": \"10.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"11.0\", \"lessThan\": \"11.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"12.0\", \"lessThan\": \"12.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"13.0\", \"lessThan\": \"13.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"15.0\", \"lessThan\": \"15.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"17.0\", \"lessThan\": \"17.*\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"18.0\", \"lessThan\": \"18.9.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://hackerone.com/reports/1690000\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20230113-0002/\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5326\", \"name\": \"DSA-5326\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-338\", \"description\": \"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CWE-338)\"}]}], \"providerMetadata\": {\"orgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"shortName\": \"hackerone\", \"dateUpdated\": \"2025-04-30T05:48:45.486Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-35255\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-30T05:48:45.486Z\", \"dateReserved\": \"2022-07-06T00:00:00.000Z\", \"assignerOrgId\": \"36234546-b8fa-4601-9d6f-f4e334aa8ea1\", \"datePublished\": \"2022-12-05T00:00:00.000Z\", \"assignerShortName\": \"hackerone\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2022:6963
Vulnerability from osv_almalinux
Published
2022-10-18 00:00
Modified
2023-03-13 16:35
Summary
Important: nodejs security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.17.1).
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "nodejs-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.15.0-1.16.17.1.1.el9_0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (16.17.1).\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6963",
"modified": "2023-03-13T16:35:42Z",
"published": "2022-10-18T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6963"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2022-6963.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs security update"
}
alsa-2022:6964
Vulnerability from osv_almalinux
Published
2022-10-17 00:00
Modified
2022-10-27 10:15
Summary
Important: nodejs:16 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs 16.
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:16.17.1-1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.19-2.module_el8.6.0+3261+490666b3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "25-1.module_el8.5.0+2605+45d748af"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.15.0-1.16.17.1.1.module_el8.6.0+3328+2e4711d7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs 16.\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:6964",
"modified": "2022-10-27T10:15:16Z",
"published": "2022-10-17T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:6964"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-6964.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs:16 security update"
}
alsa-2022:7821
Vulnerability from osv_almalinux
Published
2022-11-08 00:00
Modified
2022-11-11 19:27
Summary
Important: nodejs:18 security update
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (18.9.1). (BZ#2130559, BZ#2131750)
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-docs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-full-i18n"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:18.9.1-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-nodemon"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.19-1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nodejs-packaging-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2021.06-4.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "npm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:8.19.1-1.18.9.1.1.module_el8.7.0+3343+ea2b7901"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nThe following packages have been upgraded to a later upstream version: nodejs (18.9.1). (BZ#2130559, BZ#2131750)\n\nSecurity Fix(es):\n\n* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)\n* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:7821",
"modified": "2022-11-11T19:27:35Z",
"published": "2022-11-08T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2022:7821"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35255"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2022-35256"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130517"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2130518"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-7821.html"
}
],
"related": [
"CVE-2022-35255",
"CVE-2022-35256"
],
"summary": "Important: nodejs:18 security update"
}
bit-node-2022-35255
Vulnerability from bitnami_vulndb
Published
2024-03-06 11:03
Modified
2025-04-03 14:40
Summary
Details
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "node",
"purl": "pkg:bitnami/node"
},
"ranges": [
{
"events": [
{
"introduced": "15.0.0"
},
{
"fixed": "15.14.1"
},
{
"introduced": "16.0.0"
},
{
"fixed": "16.12.1"
},
{
"introduced": "16.13.0"
},
{
"fixed": "16.17.1"
},
{
"introduced": "18.0.0"
},
{
"fixed": "18.9.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-35255"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
"cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*"
],
"severity": "Critical"
},
"details": "A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.",
"id": "BIT-node-2022-35255",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T11:03:16.007Z",
"references": [
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/1690000"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20230113-0002/"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2023/dsa-5326"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
}
],
"schema_version": "1.5.0"
}
CERTFR-2023-AVI-0015
Vulnerability from certfr_avis - Published: 2023-01-10 - Updated: 2023-01-10
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.5.0 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05 | ||
| Siemens | N/A | SINEC INS versions antérieures à V1.0 SP2 Update 1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions antérieures à V5.4.2 | ||
| Siemens | N/A | Solid Edge versions antérieures à V2023 MP1 | ||
| Siemens | N/A | JT Open versions antérieures à V13.1.1.0 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x antérieures à V3.3.9 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01 | ||
| Siemens | N/A | Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x antérieures à V3.3.8 | ||
| Siemens | N/A | Automation License Manager V5 | ||
| Siemens | N/A | JT Open versions antérieures à V11.1.1.0 | ||
| Siemens | N/A | Mendix SAML (Mendix 8 compatible) versions V2.3.x antérieures à V2.3.4 | ||
| Siemens | N/A | Automation License Manager versions V6 antérieures à V6 SP9 Upd4 | ||
| Siemens | N/A | De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se référer au bulletin de sécurité de l'éditeur pour les versions affectées) |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC INS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Solid Edge versions ant\u00e9rieures \u00e0 V2023 MP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V13.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager V5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.1.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix SAML (Mendix 8 compatible) versions V2.3.x ant\u00e9rieures \u00e0 V2.3.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Automation License Manager versions V6 ant\u00e9rieures \u00e0 V6 SP9 Upd4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2022-1292",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
},
{
"name": "CVE-2022-38773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38773"
},
{
"name": "CVE-2022-47935",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47935"
},
{
"name": "CVE-2022-45093",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45093"
},
{
"name": "CVE-2022-2068",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
},
{
"name": "CVE-2022-45092",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45092"
},
{
"name": "CVE-2022-45094",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45094"
},
{
"name": "CVE-2021-44002",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
},
{
"name": "CVE-2021-44014",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
},
{
"name": "CVE-2022-43513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43513"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-10923",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
},
{
"name": "CVE-2022-2274",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2018-4843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4843"
},
{
"name": "CVE-2022-47967",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-47967"
},
{
"name": "CVE-2022-46823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46823"
},
{
"name": "CVE-2022-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43514"
}
],
"initial_release_date": "2023-01-10T00:00:00",
"last_revision_date": "2023-01-10T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-936212 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482757 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-482757.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-332410 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-332410.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-476715 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-431678.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-997779 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-997779.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-592007.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496604 du 10 janvier 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-496604.html"
}
]
}
CERTFR-2023-AVI-0362
Vulnerability from certfr_avis - Published: 2023-05-09 - Updated: 2023-05-09
De multiples vulnérabilités ont été découvertes dans IBM. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité, une atteinte à la confidentialité des données, une élévation de privilèges, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.2.x antérieures à 8.2.1.17 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.2.x antérieures à 11.2.4.1 IF1 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.5.x antérieures à 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.4.x antérieures à 8.4.0.10 | ||
| IBM | Cognos Analytics | IBM Cognos Analytics versions 11.1.x antérieures à 11.1.7 FP7 | ||
| IBM | N/A | IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x antérieures à 4.6.5 | ||
| IBM | Spectrum | IBM Spectrum Virtualize versions 8.3.x antérieures à 8.3.1.9 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Virtualize versions 8.2.x ant\u00e9rieures \u00e0 8.2.1.17",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4.1 IF1",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.5.x ant\u00e9rieures \u00e0 8.5.0.7 ou 8.5.2.3 ou 8.5.4.0",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.4.x ant\u00e9rieures \u00e0 8.4.0.10",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 FP7",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Cognos Analytics on Cloud Pak for Data versions 4.0.x ant\u00e9rieures \u00e0 4.6.5",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Virtualize versions 8.3.x ant\u00e9rieures \u00e0 8.3.1.9",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2015-5237",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
},
{
"name": "CVE-2022-43887",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43887"
},
{
"name": "CVE-2021-29469",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29469"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2022-36364",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2022-24434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24434"
},
{
"name": "CVE-2022-21680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2021-3516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3516"
},
{
"name": "CVE-2022-24728",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24728"
},
{
"name": "CVE-2022-0185",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0185"
},
{
"name": "CVE-2023-30441",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30441"
},
{
"name": "CVE-2022-24729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24729"
},
{
"name": "CVE-2020-7789",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7789"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2022-43883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43883"
},
{
"name": "CVE-2022-39160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39160"
},
{
"name": "CVE-2022-34165",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
},
{
"name": "CVE-2021-39036",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39036"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2022-21681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2020-7598",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7598"
},
{
"name": "CVE-2021-3518",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3518"
},
{
"name": "CVE-2022-38708",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38708"
}
],
"initial_release_date": "2023-05-09T00:00:00",
"last_revision_date": "2023-05-09T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0362",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eIBM\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6986505 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6986505"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6988147 du 05 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6988147"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6987769 du 02 mai 2023",
"url": "https://www.ibm.com/support/pages/node/6987769"
}
]
}
CERTFR-2023-AVI-0484
Vulnerability from certfr_avis - Published: 2023-06-23 - Updated: 2023-06-23
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Storage Protect | IBM Storage Protect Operations Center versions 8.1.0.000 à 8.1.18.xxx antérieures à 8.1.19 | ||
| IBM | QRadar SIEM | IBM QRadar SIEM versions antérieures à 7.5.0 UP6 | ||
| IBM | Storage Protect | IBM Storage Protect Server versions 8.1.0.000 à 8.1.18.xxx antérieures 8.1.19 | ||
| IBM | Db2 | IBM Db2 Warehouse versions antérieures à 11.5.8.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus versions 10.1.0 à 10.1.14 antérieures 10.1.15 | ||
| IBM | Storage Protect | IBM Storage Protect Backup-Archive Client versions 8.1.0.0 à 8.1.17.2 antérieures 8.1.19.0 | ||
| IBM | Spectrum | IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 à 10.1.14 antérieures à 10.1.15 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Storage Protect Operations Center versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures \u00e0 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM QRadar SIEM versions ant\u00e9rieures \u00e0 7.5.0 UP6",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Server versions 8.1.0.000 \u00e0 8.1.18.xxx ant\u00e9rieures 8.1.19",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 Warehouse versions ant\u00e9rieures \u00e0 11.5.8.0",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus versions 10.1.0 \u00e0 10.1.14 ant\u00e9rieures 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Storage Protect Backup-Archive Client versions 8.1.0.0 \u00e0 8.1.17.2 ant\u00e9rieures 8.1.19.0",
"product": {
"name": "Storage Protect",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Spectrum Protect Plus File Systems Agent versions 10.1.6 \u00e0 10.1.14 ant\u00e9rieures \u00e0 10.1.15",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25577",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25577"
},
{
"name": "CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"name": "CVE-2022-43927",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43927"
},
{
"name": "CVE-2022-30631",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30631"
},
{
"name": "CVE-2022-4304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
},
{
"name": "CVE-2023-27555",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27555"
},
{
"name": "CVE-2022-41725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41725"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2022-30635",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30635"
},
{
"name": "CVE-2022-4269",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4269"
},
{
"name": "CVE-2023-23934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23934"
},
{
"name": "CVE-2022-41722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41722"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
},
{
"name": "CVE-2023-0266",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0266"
},
{
"name": "CVE-2020-36557",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36557"
},
{
"name": "CVE-2020-13955",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13955"
},
{
"name": "CVE-2020-35490",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-32148",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32148"
},
{
"name": "CVE-2022-39135",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39135"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2020-11971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11971"
},
{
"name": "CVE-2022-30630",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30630"
},
{
"name": "CVE-2023-28956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28956"
},
{
"name": "CVE-2022-43552",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
},
{
"name": "CVE-2023-29257",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29257"
},
{
"name": "CVE-2023-26021",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26021"
},
{
"name": "CVE-2022-1705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1705"
},
{
"name": "CVE-2023-23915",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23915"
},
{
"name": "CVE-2022-41716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41716"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2022-30633",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30633"
},
{
"name": "CVE-2023-23914",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23914"
},
{
"name": "CVE-2022-30632",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30632"
},
{
"name": "CVE-2022-41717",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41717"
},
{
"name": "CVE-2023-24536",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24536"
},
{
"name": "CVE-2022-28131",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28131"
},
{
"name": "CVE-2022-4378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4378"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-35491",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
},
{
"name": "CVE-2022-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
},
{
"name": "CVE-2014-3577",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3577"
},
{
"name": "CVE-2023-24532",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24532"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-0386",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0386"
},
{
"name": "CVE-2022-41721",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41721"
},
{
"name": "CVE-2023-25930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25930"
},
{
"name": "CVE-2022-41724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41724"
},
{
"name": "CVE-2022-2873",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2873"
},
{
"name": "CVE-2023-29255",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29255"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2023-24537",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24537"
},
{
"name": "CVE-2022-43930",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-27559",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27559"
},
{
"name": "CVE-2022-43929",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43929"
},
{
"name": "CVE-2023-24538",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24538"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2023-30861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-30861"
},
{
"name": "CVE-2022-41723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41723"
},
{
"name": "CVE-2023-28155",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28155"
},
{
"name": "CVE-2022-41727",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41727"
},
{
"name": "CVE-2023-26022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26022"
},
{
"name": "CVE-2022-1280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1280"
},
{
"name": "CVE-2023-23916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23916"
}
],
"initial_release_date": "2023-06-23T00:00:00",
"last_revision_date": "2023-06-23T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0484",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-06-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005589 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005589"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005553 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005553"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6999973 du 19 juin 2023",
"url": "https://www.ibm.com/support/pages/node/6999973"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005519 du 20 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005519"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006395 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006395"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7005949 du 21 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7005949"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7006069 du 22 juin 2023",
"url": "https://www.ibm.com/support/pages/node/7006069"
}
]
}
CERTFR-2024-AVI-1051
Vulnerability from certfr_avis - Published: 2024-12-06 - Updated: 2024-12-06
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | VIOS | VIOS version 3.1 sans le correctif invscout_fix7.tar | ||
| IBM | AIX | AIX version 7.3 sans le correctif invscout_fix7.tar | ||
| IBM | Cognos Controller | Cognos Controller versions 11.0.x antérieures à 11.0.1 FP3 | ||
| IBM | AIX | AIX version 7.2 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.2.x antérieures à 6.2.2.2 | ||
| IBM | QRadar Use Case Manager App | QRadar Use Case Manager App versions antérieures à 4.0.0 | ||
| IBM | Sterling Partner Engagement Manager Essentials Edition | Sterling Partner Engagement Manager Essentials Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.1.x antérieures à 6.1.2.10 | ||
| IBM | VIOS | VIOS version 4.1 sans le correctif invscout_fix7.tar | ||
| IBM | Sterling Partner Engagement Manager Standard Edition | Sterling Partner Engagement Manager Standard Edition versions 6.2.x antérieures à 6.2.3.2 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VIOS version 3.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.3 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Controller versions 11.0.x ant\u00e9rieures \u00e0 11.0.1 FP3",
"product": {
"name": "Cognos Controller",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "AIX version 7.2 sans le correctif invscout_fix7.tar",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.2.2",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Use Case Manager App versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "QRadar Use Case Manager App",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Essentials Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Essentials Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.1.x ant\u00e9rieures \u00e0 6.1.2.10",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "VIOS version 4.1 sans le correctif invscout_fix7.tar",
"product": {
"name": "VIOS",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Partner Engagement Manager Standard Edition versions 6.2.x ant\u00e9rieures \u00e0 6.2.3.2",
"product": {
"name": "Sterling Partner Engagement Manager Standard Edition",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-20919",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20919"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2024-47115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47115"
},
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-32213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
},
{
"name": "CVE-2021-22959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22959"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-25020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25020"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2022-35256",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2024-20926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2024-41777",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41777"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2021-22940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22940"
},
{
"name": "CVE-2023-23936",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23936"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2021-22930",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22930"
},
{
"name": "CVE-2024-25035",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25035"
},
{
"name": "CVE-2024-20921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2023-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24807"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-29857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
},
{
"name": "CVE-2021-22918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22918"
},
{
"name": "CVE-2023-22081",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
},
{
"name": "CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2021-22939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22939"
},
{
"name": "CVE-2021-44532",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44532"
},
{
"name": "CVE-2024-26308",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
},
{
"name": "CVE-2022-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0155"
},
{
"name": "CVE-2021-22960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22960"
},
{
"name": "CVE-2024-41776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41776"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2024-25019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25019"
},
{
"name": "CVE-2022-32222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
},
{
"name": "CVE-2023-22067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
},
{
"name": "CVE-2022-32212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
},
{
"name": "CVE-2023-23920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23920"
},
{
"name": "CVE-2024-21634",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2021-22921",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22921"
},
{
"name": "CVE-2022-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
},
{
"name": "CVE-2024-25710",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
},
{
"name": "CVE-2021-29892",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29892"
},
{
"name": "CVE-2024-45676",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45676"
},
{
"name": "CVE-2023-49735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-49735"
},
{
"name": "CVE-2024-40691",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40691"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2022-32215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
},
{
"name": "CVE-2023-33850",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
},
{
"name": "CVE-2023-2597",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
},
{
"name": "CVE-2023-22045",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22045"
},
{
"name": "CVE-2024-41775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41775"
},
{
"name": "CVE-2023-22049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
},
{
"name": "CVE-2023-23919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23919"
},
{
"name": "CVE-2020-28500",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28500"
},
{
"name": "CVE-2021-22931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22931"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2021-44533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44533"
},
{
"name": "CVE-2023-5676",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
},
{
"name": "CVE-2022-35737",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35737"
},
{
"name": "CVE-2024-28863",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
},
{
"name": "CVE-2020-8203",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8203"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2022-32214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32214"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2024-30171",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
},
{
"name": "CVE-2022-21824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21824"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2024-20918",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
},
{
"name": "CVE-2022-35255",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
},
{
"name": "CVE-2024-25036",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25036"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2021-44531",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44531"
},
{
"name": "CVE-2024-20945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
},
{
"name": "CVE-2023-39332",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39332"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2022-32223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32223"
},
{
"name": "CVE-2023-26159",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26159"
},
{
"name": "CVE-2024-20952",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
}
],
"initial_release_date": "2024-12-06T00:00:00",
"last_revision_date": "2024-12-06T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-1051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178033",
"url": "https://www.ibm.com/support/pages/node/7178033"
},
{
"published_at": "2024-12-06",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7178054",
"url": "https://www.ibm.com/support/pages/node/7178054"
},
{
"published_at": "2024-12-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177220",
"url": "https://www.ibm.com/support/pages/node/7177220"
},
{
"published_at": "2024-12-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7177981",
"url": "https://www.ibm.com/support/pages/node/7177981"
}
]
}
cleanstart-2026-bd71263
Vulnerability from cleanstart
Published
2026-04-01 09:17
Modified
2026-03-26 17:04
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BD71263",
"modified": "2026-03-26T17:04:08Z",
"published": "2026-04-01T09:17:26.065920Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BD71263.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
cleanstart-2026-is74202
Vulnerability from cleanstart
Published
2026-04-01 09:09
Modified
2026-03-31 04:38
Summary
Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0
Details
Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nodejs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nodejs package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-IS74202",
"modified": "2026-03-31T04:38:08Z",
"published": "2026-04-01T09:09:55.185988Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-IS74202.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-37372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15896"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0734"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0735"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000168"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15604"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15605"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15606"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5737"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9514"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9517"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9518"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11080"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8172"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8174"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8201"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8265"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8277"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8287"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22930"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22931"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22959"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3672"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43803"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44531"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44532"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32212"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32213"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32214"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32215"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35255"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35256"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3602"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43548"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23918"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23919"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23920"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23936"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24807"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39333"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22018"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22020"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27982"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27983"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37372"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2017-14919, CVE-2017-15896, CVE-2018-0734, CVE-2018-0735, CVE-2018-1000168, CVE-2018-12121, CVE-2018-12122, CVE-2018-7160, CVE-2018-7161, CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-5737, CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2020-11080, CVE-2020-7774, CVE-2020-8172, CVE-2020-8174, CVE-2020-8201, CVE-2020-8252, CVE-2020-8265, CVE-2020-8277, CVE-2020-8287, CVE-2021-21148, CVE-2021-22930, CVE-2021-22931, CVE-2021-22959, CVE-2021-22960, CVE-2021-3672, CVE-2021-43803, CVE-2021-44531, CVE-2021-44532, CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215, CVE-2022-35255, CVE-2022-35256, CVE-2022-3602, CVE-2022-43548, CVE-2023-23918, CVE-2023-23919, CVE-2023-23920, CVE-2023-23936, CVE-2023-24807, CVE-2023-39333, CVE-2023-44487, CVE-2024-22018, CVE-2024-22020, CVE-2024-27982, CVE-2024-27983, CVE-2024-36138, CVE-2024-37372 applied in versions: 10.14.0-r0, 10.15.3-r0, 10.16.3-r0, 12.15.0-r0, 12.18.0-r0, 12.18.4-r0, 14.15.1-r0, 14.15.4-r0, 14.15.5-r0, 14.16.0-r0, 14.16.1-r0, 14.17.4-r0, 14.17.5-r0, 14.17.6-r0, 14.18.1-r0, 16.13.2-r0, 16.17.1-r0, 18.12.1-r0, 18.14.1-r0, 18.17.1-r0, 18.18.2-r0, 20.12.1-r0, 20.15.1-r0, 6.11.1-r0, 6.11.5-r0, 8.11.0-r0, 8.11.3-r0, 8.11.4-r0, 8.9.3-r0",
"upstream": [
"CVE-2017-14919",
"CVE-2017-15896",
"CVE-2018-0734",
"CVE-2018-0735",
"CVE-2018-1000168",
"CVE-2018-12121",
"CVE-2018-12122",
"CVE-2018-7160",
"CVE-2018-7161",
"CVE-2019-15604",
"CVE-2019-15605",
"CVE-2019-15606",
"CVE-2019-5737",
"CVE-2019-9511",
"CVE-2019-9512",
"CVE-2019-9513",
"CVE-2019-9514",
"CVE-2019-9515",
"CVE-2019-9516",
"CVE-2019-9517",
"CVE-2019-9518",
"CVE-2020-11080",
"CVE-2020-7774",
"CVE-2020-8172",
"CVE-2020-8174",
"CVE-2020-8201",
"CVE-2020-8252",
"CVE-2020-8265",
"CVE-2020-8277",
"CVE-2020-8287",
"CVE-2021-21148",
"CVE-2021-22930",
"CVE-2021-22931",
"CVE-2021-22959",
"CVE-2021-22960",
"CVE-2021-3672",
"CVE-2021-43803",
"CVE-2021-44531",
"CVE-2021-44532",
"CVE-2022-32212",
"CVE-2022-32213",
"CVE-2022-32214",
"CVE-2022-32215",
"CVE-2022-35255",
"CVE-2022-35256",
"CVE-2022-3602",
"CVE-2022-43548",
"CVE-2023-23918",
"CVE-2023-23919",
"CVE-2023-23920",
"CVE-2023-23936",
"CVE-2023-24807",
"CVE-2023-39333",
"CVE-2023-44487",
"CVE-2024-22018",
"CVE-2024-22020",
"CVE-2024-27982",
"CVE-2024-27983",
"CVE-2024-36138",
"CVE-2024-37372"
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…