Vulnerability-Lookup

CVE-2023-43642 (GCVE-0-2023-43642)

Vulnerability from cvelistv5 – Published: 2023-09-25 19:03 – Updated: 2024-09-24 15:26

Title

Missing upper bound check on chunk length in snappy-java

Summary

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: poc Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/xerial/snappy-java/security/ad…	x_refsource_CONFIRM
https://github.com/xerial/snappy-java/commit/9f8c…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
xerial	snappy-java	Affected: < 1.1.10.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:44:43.818Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
          },
          {
            "name": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-43642",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-24T15:26:43.352715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-24T15:26:53.851Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "snappy-java",
          "vendor": "xerial",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.1.10.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-25T19:03:49.145Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
        },
        {
          "name": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
        }
      ],
      "source": {
        "advisory": "GHSA-55g7-9cwv-5qfv",
        "discovery": "UNKNOWN"
      },
      "title": "Missing upper bound check on chunk length in snappy-java "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-43642",
    "datePublished": "2023-09-25T19:03:49.145Z",
    "dateReserved": "2023-09-20T15:35:38.146Z",
    "dateUpdated": "2024-09-24T15:26:53.851Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-43642",
      "date": "2026-06-05",
      "epss": "0.00247",
      "percentile": "0.4818"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-43642\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-09-25T20:15:11.723\",\"lastModified\":\"2024-11-21T08:24:31.663\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.\"},{\"lang\":\"es\",\"value\":\"snappy-java es una adaptaci\u00f3n Java de snappy, un r\u00e1pido compresor/descompresor de C++ desarrollado por Google. Se descubri\u00f3 que SnappyInputStream era vulnerable a ataques de denegaci\u00f3n de servicio (DoS) al descomprimir datos con un tama\u00f1o de fragmento demasiado grande. Debido a que falta la verificaci\u00f3n del l\u00edmite superior en la longitud del fragmento, puede ocurrir un error fatal irrecuperable. Todas las versiones de snappy-java, incluida la \u00faltima versi\u00f3n 1.1.10.3, son vulnerables a este problema.\\nSe introdujo una soluci\u00f3n en el commit `9f8c3cf74` que se incluir\u00e1 en la versi\u00f3n 1.1.10.4.\\nSe recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar solo deben aceptar datos comprimidos de fuentes confiables.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.1.10.4\",\"matchCriteriaId\":\"A4D939A7-FF7A-4C6D-A2B5-D9D3C9D02023\"}]}]}],\"references\":[{\"url\":\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\"]},{\"url\":\"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Missing upper bound check on chunk length in snappy-java \", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-770\", \"lang\": \"en\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"}, {\"name\": \"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"}], \"affected\": [{\"vendor\": \"xerial\", \"product\": \"snappy-java\", \"versions\": [{\"version\": \"\u003c 1.1.10.4\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-09-25T19:03:49.145Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.\"}], \"source\": {\"advisory\": \"GHSA-55g7-9cwv-5qfv\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:44:43.818Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv\"}, {\"name\": \"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-43642\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-24T15:26:43.352715Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-24T15:26:48.843Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-43642\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2023-09-20T15:35:38.146Z\", \"datePublished\": \"2023-09-25T19:03:49.145Z\", \"dateUpdated\": \"2024-09-24T15:26:53.851Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0021

Vulnerability from certfr_avis - Published: 2025-01-10 - Updated: 2025-01-10

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar EDR	Security QRadar EDR versions antérieures à 3.12.14
IBM	Spectrum	Spectrum Control versions 5.4.x antérieures à 5.4.13
IBM	Spectrum	Spectrum Protect Plus versions 10.1.x antérieures à 10.1.6.4 pour Linux
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x sans les derniers correctifs de sécurité
IBM	QRadar	QRadar Analyst Workflow versions antérieures à 2.34.0
IBM	Db2	Db2 Big SQL versions antérieures à 7.4.2 pour Cloud Pak for Data

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7180462	2025-01-08	vendor-advisory
Bulletin de sécurité IBM 7180361	2025-01-07	vendor-advisory
Bulletin de sécurité IBM 7180282	2025-01-04	vendor-advisory
Bulletin de sécurité IBM 7180314	2025-01-06	vendor-advisory
Bulletin de sécurité IBM 7180450	2025-01-09	vendor-advisory
Bulletin de sécurité IBM 7180545	2025-01-08	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.14",
      "product": {
        "name": "Security QRadar EDR",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Control versions 5.4.x ant\u00e9rieures \u00e0 5.4.13 ",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Spectrum Protect Plus versions 10.1.x ant\u00e9rieures \u00e0 10.1.6.4 pour Linux",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar SIEM versions 7.5.x sans les derniers correctifs de s\u00e9curit\u00e9 ",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 2.34.0",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Big SQL versions ant\u00e9rieures \u00e0 7.4.2 pour Cloud Pak for Data",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2023-52471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52471"
    },
    {
      "name": "CVE-2024-36889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36889"
    },
    {
      "name": "CVE-2015-2156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2156"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-42246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42246"
    },
    {
      "name": "CVE-2024-22020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22020"
    },
    {
      "name": "CVE-2024-26614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26614"
    },
    {
      "name": "CVE-2022-25869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25869"
    },
    {
      "name": "CVE-2024-9355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9355"
    },
    {
      "name": "CVE-2023-26116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26116"
    },
    {
      "name": "CVE-2024-26595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26595"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-26586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26586"
    },
    {
      "name": "CVE-2024-26638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26638"
    },
    {
      "name": "CVE-2024-47831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47831"
    },
    {
      "name": "CVE-2020-7238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7238"
    },
    {
      "name": "CVE-2021-46939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46939"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-36886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36886"
    },
    {
      "name": "CVE-2021-32036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32036"
    },
    {
      "name": "CVE-2024-26802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26802"
    },
    {
      "name": "CVE-2024-36883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36883"
    },
    {
      "name": "CVE-2024-26665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26665"
    },
    {
      "name": "CVE-2024-40960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40960"
    },
    {
      "name": "CVE-2024-40997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40997"
    },
    {
      "name": "CVE-2023-44270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44270"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2024-26645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26645"
    },
    {
      "name": "CVE-2024-42240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42240"
    },
    {
      "name": "CVE-2024-40972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40972"
    },
    {
      "name": "CVE-2024-29025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29025"
    },
    {
      "name": "CVE-2024-40959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40959"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-45590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2024-43796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
    },
    {
      "name": "CVE-2021-32040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32040"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2024-40974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40974"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2024-42124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42124"
    },
    {
      "name": "CVE-2023-26117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26117"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2023-52486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52486"
    },
    {
      "name": "CVE-2014-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0193"
    },
    {
      "name": "CVE-2022-21680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21680"
    },
    {
      "name": "CVE-2024-39502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39502"
    },
    {
      "name": "CVE-2024-36005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
    },
    {
      "name": "CVE-2024-26929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
    },
    {
      "name": "CVE-2019-14863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14863"
    },
    {
      "name": "CVE-2023-52683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52683"
    },
    {
      "name": "CVE-2024-42131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42131"
    },
    {
      "name": "CVE-2024-35944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35944"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2023-52469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52469"
    },
    {
      "name": "CVE-2024-35809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35809"
    },
    {
      "name": "CVE-2024-47764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
    },
    {
      "name": "CVE-2023-52809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52809"
    },
    {
      "name": "CVE-2023-52451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52451"
    },
    {
      "name": "CVE-2024-39472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39472"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-45296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-26733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26733"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2024-40998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40998"
    },
    {
      "name": "CVE-2022-46751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751"
    },
    {
      "name": "CVE-2023-52470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2020-7676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7676"
    },
    {
      "name": "CVE-2024-40995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40995"
    },
    {
      "name": "CVE-2023-26118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26118"
    },
    {
      "name": "CVE-2024-42238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42238"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2024-43830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43830"
    },
    {
      "name": "CVE-2024-39501",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39501"
    },
    {
      "name": "CVE-2023-52730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52730"
    },
    {
      "name": "CVE-2024-42090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42090"
    },
    {
      "name": "CVE-2024-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26960"
    },
    {
      "name": "CVE-2024-40901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40901"
    },
    {
      "name": "CVE-2021-47321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-47321"
    },
    {
      "name": "CVE-2024-26640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26640"
    },
    {
      "name": "CVE-2024-40954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2024-22018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22018"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2024-47874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47874"
    },
    {
      "name": "CVE-2024-42322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42322"
    },
    {
      "name": "CVE-2024-27019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27019"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2024-41055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41055"
    },
    {
      "name": "CVE-2024-41076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41076"
    },
    {
      "name": "CVE-2024-39506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39506"
    },
    {
      "name": "CVE-2024-40978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40978"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2019-10768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10768"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2024-41044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41044"
    },
    {
      "name": "CVE-2024-40958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
    },
    {
      "name": "CVE-2024-26717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26717"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2024-42152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42152"
    },
    {
      "name": "CVE-2024-39499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39499"
    },
    {
      "name": "CVE-2024-36006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36006"
    },
    {
      "name": "CVE-2023-52476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52476"
    },
    {
      "name": "CVE-2023-52463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52463"
    },
    {
      "name": "CVE-2024-41064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41064"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2023-52530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52530"
    },
    {
      "name": "CVE-2024-36000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36000"
    },
    {
      "name": "CVE-2024-26855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26855"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2022-21681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21681"
    },
    {
      "name": "CVE-2024-42237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42237"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-27011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27011"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    }
  ],
  "initial_release_date": "2025-01-10T00:00:00",
  "last_revision_date": "2025-01-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180462",
      "url": "https://www.ibm.com/support/pages/node/7180462"
    },
    {
      "published_at": "2025-01-07",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180361",
      "url": "https://www.ibm.com/support/pages/node/7180361"
    },
    {
      "published_at": "2025-01-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180282",
      "url": "https://www.ibm.com/support/pages/node/7180282"
    },
    {
      "published_at": "2025-01-06",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180314",
      "url": "https://www.ibm.com/support/pages/node/7180314"
    },
    {
      "published_at": "2025-01-09",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180450",
      "url": "https://www.ibm.com/support/pages/node/7180450"
    },
    {
      "published_at": "2025-01-08",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7180545",
      "url": "https://www.ibm.com/support/pages/node/7180545"
    }
  ]
}

CERTFR-2025-AVI-0760

Vulnerability from certfr_avis - Published: 2025-09-05 - Updated: 2025-09-05

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	User Entity Behavior Analytics pour IBM QRadar SIEM versions antérieures à 5.0.1
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty Agent versions 9.0.x antérieures à 9.0.0.2
IBM	Db2	Db2 on Cloud Pak for Data versions antérieures à v5.2.1
IBM	WebSphere	IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de sécurité APAR PH67137 et APAR PH67132
IBM	WebSphere	Engineering Test Management versions 7.0.2 et 7.0.3 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	IBM Common Licensing pour Websphere Liberty ART versions 9.0.x antérieures à 9.0.0.2
IBM	WebSphere	Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.0.8 sans le dernier correctif de sécurité
IBM	WebSphere	Cloud Pak for Applications versions 5.1 à 5.3 pour WebSphere Application Server Liberty sans les correctifs de sécurité APAR PH67132 et APAR PH67137
IBM	WebSphere	Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalités jsonp sans le dernier correctif de sécurité
IBM	WebSphere	WebSphere Hybrid Edition version 5.1 sans les correctifs de sécurité APAR PH67137, APAR PH67132,
IBM	Db2	Db2 Warehouse on Cloud Pak for Data versions antérieures à v5.2.1

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7243927	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243923	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243924	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244012	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243659	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7244002	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243582	2025-08-29	vendor-advisory
Bulletin de sécurité IBM 7243928	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243925	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7244010	2025-09-04	vendor-advisory
Bulletin de sécurité IBM 7243922	2025-09-03	vendor-advisory
Bulletin de sécurité IBM 7243673	2025-09-01	vendor-advisory
Bulletin de sécurité IBM 7243877	2025-09-03	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "User Entity Behavior Analytics pour IBM QRadar SIEM versions ant\u00e9rieures \u00e0 5.0.1",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty Agent versions  9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Enterprise Application Runtimes pour WebSphere Application Server version 1.0 sans les correctif de s\u00e9curit\u00e9 APAR PH67137 et  APAR PH67132",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.0.2 et 7.0.3  pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.0.2 et 7.0.3 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Common Licensing pour Websphere Liberty ART versions 9.0.x ant\u00e9rieures \u00e0 9.0.0.2",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Lifecycle Management 7.1 pour WebSphere Application Server Liberty  versions 17.0.0.3 \u00e0 25.0.0.8 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Pak for Applications versions 5.1 \u00e0 5.3 pour WebSphere Application Server Liberty sans les correctifs de s\u00e9curit\u00e9 APAR PH67132 et APAR PH67137",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Engineering Test Management versions 7.1 pour WebSphere Application Server 8.5 et 9.0 sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server and WebSphere Application Server Liberty, avec les fonctionnalit\u00e9s jsonp sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Hybrid Edition version 5.1 sans les correctifs de s\u00e9curit\u00e9 APAR PH67137, APAR PH67132,",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Db2 Warehouse on Cloud Pak for Data versions ant\u00e9rieures \u00e0 v5.2.1",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-31129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
    },
    {
      "name": "CVE-2025-53547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2025-0755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0755"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-27516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
    },
    {
      "name": "CVE-2024-55565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
    },
    {
      "name": "CVE-2024-51473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51473"
    },
    {
      "name": "CVE-2015-5237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5237"
    },
    {
      "name": "CVE-2025-3445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3445"
    },
    {
      "name": "CVE-2025-32386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32386"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2025-32421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32421"
    },
    {
      "name": "CVE-2016-4055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4055"
    },
    {
      "name": "CVE-2024-43799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
    },
    {
      "name": "CVE-2024-49766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49766"
    },
    {
      "name": "CVE-2024-45492",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45492"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2024-56326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
    },
    {
      "name": "CVE-2025-22004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22004"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-30472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30472"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-45813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
    },
    {
      "name": "CVE-2022-36364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36364"
    },
    {
      "name": "CVE-2023-5868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
    },
    {
      "name": "CVE-2025-48050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-33092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33092"
    },
    {
      "name": "CVE-2024-51479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2023-39417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39417"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2024-0406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0406"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-33143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33143"
    },
    {
      "name": "CVE-2021-3393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3393"
    },
    {
      "name": "CVE-2025-2533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-2533"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2023-5870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
    },
    {
      "name": "CVE-2024-4067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
    },
    {
      "name": "CVE-2025-36097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36097"
    },
    {
      "name": "CVE-2024-45490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45490"
    },
    {
      "name": "CVE-2025-36010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36010"
    },
    {
      "name": "CVE-2025-36047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36047"
    },
    {
      "name": "CVE-2024-45491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45491"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-49846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49846"
    },
    {
      "name": "CVE-2025-32462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2023-5869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-48068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
    },
    {
      "name": "CVE-2024-48949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-33114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33114"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-27152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
    },
    {
      "name": "CVE-2022-41862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41862"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-21966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21966"
    },
    {
      "name": "CVE-2023-22467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
    },
    {
      "name": "CVE-2022-24823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-48948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2019-9193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9193"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2024-6763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6763"
    },
    {
      "name": "CVE-2025-48976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-56332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56332"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-37799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37799"
    },
    {
      "name": "CVE-2022-24785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24785"
    },
    {
      "name": "CVE-2024-56201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2023-26133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26133"
    },
    {
      "name": "CVE-2024-6484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2023-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
    },
    {
      "name": "CVE-2024-9823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9823"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2024-56339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56339"
    },
    {
      "name": "CVE-2024-49767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49767"
    },
    {
      "name": "CVE-2022-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1552"
    },
    {
      "name": "CVE-2024-49828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49828"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2025-32387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32387"
    },
    {
      "name": "CVE-2024-43800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2017-18214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18214"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2023-2455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2025-36071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-36071"
    },
    {
      "name": "CVE-2025-37749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37749"
    },
    {
      "name": "CVE-2024-0985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2024-6827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6827"
    },
    {
      "name": "CVE-2023-52933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52933"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2625"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2024-6762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6762"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2024-52894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52894"
    },
    {
      "name": "CVE-2025-21759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21759"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-21887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21887"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2024-51504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51504"
    },
    {
      "name": "CVE-2022-41881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-21756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21756"
    },
    {
      "name": "CVE-2018-1000873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000873"
    },
    {
      "name": "CVE-2023-32305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32305"
    },
    {
      "name": "CVE-2025-47287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47287"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    }
  ],
  "initial_release_date": "2025-09-05T00:00:00",
  "last_revision_date": "2025-09-05T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0760",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
    },
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243927",
      "url": "https://www.ibm.com/support/pages/node/7243927"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243923",
      "url": "https://www.ibm.com/support/pages/node/7243923"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243924",
      "url": "https://www.ibm.com/support/pages/node/7243924"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244012",
      "url": "https://www.ibm.com/support/pages/node/7244012"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243659",
      "url": "https://www.ibm.com/support/pages/node/7243659"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244002",
      "url": "https://www.ibm.com/support/pages/node/7244002"
    },
    {
      "published_at": "2025-08-29",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243582",
      "url": "https://www.ibm.com/support/pages/node/7243582"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243928",
      "url": "https://www.ibm.com/support/pages/node/7243928"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243925",
      "url": "https://www.ibm.com/support/pages/node/7243925"
    },
    {
      "published_at": "2025-09-04",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7244010",
      "url": "https://www.ibm.com/support/pages/node/7244010"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243922",
      "url": "https://www.ibm.com/support/pages/node/7243922"
    },
    {
      "published_at": "2025-09-01",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243673",
      "url": "https://www.ibm.com/support/pages/node/7243673"
    },
    {
      "published_at": "2025-09-03",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7243877",
      "url": "https://www.ibm.com/support/pages/node/7243877"
    }
  ]
}

CERTFR-2025-AVI-1137

Vulnerability from certfr_avis - Published: 2025-12-26 - Updated: 2025-12-26

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Security QRadar Network Threat	Security QRadar Network Threat Analytics versions postérieures ou égales à 1.3.1 et antérieures à 1.4.2
IBM	QRadar SIEM	Security QRadar Analyst Workflow versions postérieures à 2.32.0 et antérieures à 3.0.1
IBM	Sterling Connect:Direct	Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x antérieures à 1.4.0.5_iFix002
IBM	Sterling Connect:Direct	Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions postérieures à 1.4.0.2 et antérieures à 1.4.0.5_iFix001
IBM	WebSphere	WebSphere Service Registry and Repository Studio versions 8.5.x antérieures à V8.5.6.3_IJ56659
IBM	Db2	Db2 Big SQL versions postérieures à 7.2.x sur Cloud Pack for Data 4.x versions antérieures à 7.7.3 sur Cloud Pack for Data 5.0.3
IBM	WebSphere	WebSphere Service Registry and Repository sans les derniers correctifs de sécurité
IBM	Security QRadar SIEM	QRadar User Behavior Analytics versions postérieurs à 4.1.15 et antérieures à 5.0.3

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7255497	2025-12-19	vendor-advisory
Bulletin de sécurité IBM 7255727	2025-12-23	vendor-advisory
Bulletin de sécurité IBM 7255495	2025-12-19	vendor-advisory
Bulletin de sécurité IBM 7255496	2025-12-19	vendor-advisory
Bulletin de sécurité IBM 7255723	2025-12-23	vendor-advisory
Bulletin de sécurité IBM 7255557	2025-12-22	vendor-advisory
Bulletin de sécurité IBM 7255410	2025-12-19	vendor-advisory
Bulletin de sécurité IBM 7255729	2025-12-23	vendor-advisory
Bulletin de sécurité IBM 7255556	2025-12-22	vendor-advisory
Bulletin de sécurité IBM 7255731	2025-12-23	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Security QRadar Network Threat Analytics versions post\u00e9rieures ou \u00e9gales \u00e0 1.3.1 et ant\u00e9rieures \u00e0 1.4.2",
      "product": {
        "name": "Security QRadar Network Threat",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Security QRadar Analyst Workflow versions post\u00e9rieures \u00e0 2.32.0 et ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct File Agent pour Solaris SPARC versions 1.4.x ant\u00e9rieures \u00e0 1.4.0.5_iFix002 ",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct File Agent pour AIX, Linux x64, Linux PPC et Windows versions post\u00e9rieures \u00e0 1.4.0.2 et ant\u00e9rieures \u00e0 1.4.0.5_iFix001",
      "product": {
        "name": "Sterling Connect:Direct",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository Studio versions 8.5.x ant\u00e9rieures \u00e0  V8.5.6.3_IJ56659",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": " Db2 Big SQL versions post\u00e9rieures \u00e0 7.2.x sur Cloud Pack for Data 4.x versions ant\u00e9rieures \u00e0 7.7.3 sur Cloud Pack for Data 5.0.3",
      "product": {
        "name": "Db2",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Service Registry and Repository sans les derniers correctifs de s\u00e9curit\u00e9",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "QRadar User Behavior Analytics versions post\u00e9rieurs \u00e0 4.1.15 et ant\u00e9rieures \u00e0 5.0.3",
      "product": {
        "name": "Security QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-38264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2025-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4447"
    },
    {
      "name": "CVE-2024-20926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20926"
    },
    {
      "name": "CVE-2023-46167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46167"
    },
    {
      "name": "CVE-2025-47279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47279"
    },
    {
      "name": "CVE-2023-45178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45178"
    },
    {
      "name": "CVE-2021-23440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23440"
    },
    {
      "name": "CVE-2023-47701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47701"
    },
    {
      "name": "CVE-2023-40687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40687"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2024-20921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20921"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2025-54798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54798"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2015-8393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8393"
    },
    {
      "name": "CVE-2024-33883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2025-57822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57822"
    },
    {
      "name": "CVE-2025-67779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67779"
    },
    {
      "name": "CVE-2025-55183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55183"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2023-22067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22067"
    },
    {
      "name": "CVE-2025-55173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55173"
    },
    {
      "name": "CVE-2025-48068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48068"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2025-55182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55182"
    },
    {
      "name": "CVE-2025-57752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-57752"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2023-40692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40692"
    },
    {
      "name": "CVE-2023-38003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38003"
    },
    {
      "name": "CVE-2025-21587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21587"
    },
    {
      "name": "CVE-2022-37434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2025-9288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
    },
    {
      "name": "CVE-2023-33850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33850"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2025-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30698"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2023-38727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38727"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2023-29258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-29258"
    },
    {
      "name": "CVE-2025-29927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29927"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2002-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-0059"
    },
    {
      "name": "CVE-2023-43020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43020"
    },
    {
      "name": "CVE-2024-39338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2023-32731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32731"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2024-20918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20918"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2025-64756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2024-21085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
    },
    {
      "name": "CVE-2024-20945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20945"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-55184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55184"
    },
    {
      "name": "CVE-2024-20952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-20952"
    }
  ],
  "initial_release_date": "2025-12-26T00:00:00",
  "last_revision_date": "2025-12-26T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1137",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-12-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-12-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255497",
      "url": "https://www.ibm.com/support/pages/node/7255497"
    },
    {
      "published_at": "2025-12-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255727",
      "url": "https://www.ibm.com/support/pages/node/7255727"
    },
    {
      "published_at": "2025-12-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255495",
      "url": "https://www.ibm.com/support/pages/node/7255495"
    },
    {
      "published_at": "2025-12-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255496",
      "url": "https://www.ibm.com/support/pages/node/7255496"
    },
    {
      "published_at": "2025-12-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255723",
      "url": "https://www.ibm.com/support/pages/node/7255723"
    },
    {
      "published_at": "2025-12-22",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255557",
      "url": "https://www.ibm.com/support/pages/node/7255557"
    },
    {
      "published_at": "2025-12-19",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255410",
      "url": "https://www.ibm.com/support/pages/node/7255410"
    },
    {
      "published_at": "2025-12-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255729",
      "url": "https://www.ibm.com/support/pages/node/7255729"
    },
    {
      "published_at": "2025-12-22",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255556",
      "url": "https://www.ibm.com/support/pages/node/7255556"
    },
    {
      "published_at": "2025-12-23",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7255731",
      "url": "https://www.ibm.com/support/pages/node/7255731"
    }
  ]
}

CERTFR-2026-AVI-0500

Vulnerability from certfr_avis - Published: 2026-04-27 - Updated: 2026-04-27

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	VMware	N/A	Tanzu Greenplum Platform Extension Framework versions antérieures à 8.0.0
	VMware	N/A	Tanzu Data Lake versions antérieures à 4.0.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37405	2026-04-24	vendor-advisory
Bulletin de sécurité VMware 37404	2026-04-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu Greenplum Platform Extension Framework versions ant\u00e9rieures \u00e0 8.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Lake versions ant\u00e9rieures \u00e0 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2019-12384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12384"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2026-2229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2026-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3449"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2021-21409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
    },
    {
      "name": "CVE-2026-22036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-46175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
    },
    {
      "name": "CVE-2026-24098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24098"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2026-24734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24734"
    },
    {
      "name": "CVE-2021-0341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2025-56200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-56200"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2020-35728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35728"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2026-1527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2026-41239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41239"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2022-37603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37603"
    },
    {
      "name": "CVE-2023-34610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34610"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2022-25883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
    },
    {
      "name": "CVE-2026-34486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34486"
    },
    {
      "name": "CVE-2026-1525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
    },
    {
      "name": "CVE-2018-1320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1320"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2026-29145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29145"
    },
    {
      "name": "CVE-2025-24970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970"
    },
    {
      "name": "CVE-2025-49128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49128"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2020-10650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
    },
    {
      "name": "CVE-2025-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1647"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2026-23745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
    },
    {
      "name": "CVE-2025-7962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7962"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2023-34462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2023-33202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33202"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2025-54550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54550"
    },
    {
      "name": "CVE-2025-54920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54920"
    },
    {
      "name": "CVE-2024-34447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34447"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2025-33042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33042"
    },
    {
      "name": "CVE-2024-11831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2026-34500",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34500"
    },
    {
      "name": "CVE-2025-9624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9624"
    },
    {
      "name": "CVE-2026-34043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34043"
    },
    {
      "name": "CVE-2024-26308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26308"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2020-11113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-4800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
    },
    {
      "name": "CVE-2026-33671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33671"
    },
    {
      "name": "CVE-2026-33532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33532"
    },
    {
      "name": "CVE-2025-68470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68470"
    },
    {
      "name": "CVE-2025-67721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67721"
    },
    {
      "name": "CVE-2024-23454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23454"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2026-33750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33750"
    },
    {
      "name": "CVE-2025-66236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66236"
    },
    {
      "name": "CVE-2020-10969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969"
    },
    {
      "name": "CVE-2024-48910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-48910"
    },
    {
      "name": "CVE-2024-8184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8184"
    },
    {
      "name": "CVE-2025-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
    },
    {
      "name": "CVE-2026-34480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
    },
    {
      "name": "CVE-2025-52999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52999"
    },
    {
      "name": "CVE-2025-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2025-12758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
    },
    {
      "name": "CVE-2024-21538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2024-57083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57083"
    },
    {
      "name": "CVE-2022-38749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38749"
    },
    {
      "name": "CVE-2024-23953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23953"
    },
    {
      "name": "CVE-2026-29074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2026-41240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41240"
    },
    {
      "name": "CVE-2026-26960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2024-53382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
    },
    {
      "name": "CVE-2018-12022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
    },
    {
      "name": "CVE-2024-47554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554"
    },
    {
      "name": "CVE-2022-37601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37601"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2026-27903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
    },
    {
      "name": "CVE-2021-21295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
    },
    {
      "name": "CVE-2024-45801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2025-27821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27821"
    },
    {
      "name": "CVE-2022-41404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41404"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2024-25710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25710"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2026-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
    },
    {
      "name": "CVE-2024-29133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29133"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2026-34487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34487"
    },
    {
      "name": "CVE-2025-27555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27555"
    },
    {
      "name": "CVE-2025-65995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65995"
    },
    {
      "name": "CVE-2022-3517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2021-43797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2026-23950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2026-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2018-10237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10237"
    },
    {
      "name": "CVE-2019-12814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12814"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2026-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
    },
    {
      "name": "CVE-2023-52428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
    },
    {
      "name": "CVE-2025-69873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2024-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2025-68458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68458"
    },
    {
      "name": "CVE-2021-22569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2026-29786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
    },
    {
      "name": "CVE-2025-26791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2026-25854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25854"
    },
    {
      "name": "CVE-2021-22573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22573"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2026-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2332"
    },
    {
      "name": "CVE-2025-58056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
    },
    {
      "name": "CVE-2026-1526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2024-47875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2026-33672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33672"
    },
    {
      "name": "CVE-2020-8908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8908"
    },
    {
      "name": "CVE-2024-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2024-56373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56373"
    },
    {
      "name": "CVE-2026-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2024-28863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28863"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2022-25857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
    },
    {
      "name": "CVE-2022-38751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38751"
    },
    {
      "name": "CVE-2025-25193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2025-5889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889"
    },
    {
      "name": "CVE-2024-30171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2022-38900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
    },
    {
      "name": "CVE-2025-68157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68157"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2025-27789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2022-38752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38752"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2022-38750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38750"
    },
    {
      "name": "CVE-2021-21290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2026-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
    },
    {
      "name": "CVE-2020-10968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2025-68675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68675"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2026-34483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34483"
    },
    {
      "name": "CVE-2022-37599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37599"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2025-59419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59419"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2026-33816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33816"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2026-25219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25219"
    },
    {
      "name": "CVE-2020-11112",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112"
    },
    {
      "name": "CVE-2020-11111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111"
    },
    {
      "name": "CVE-2026-31802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
    },
    {
      "name": "CVE-2025-13465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
    },
    {
      "name": "CVE-2025-22227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22227"
    },
    {
      "name": "CVE-2026-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2024-57699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57699"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    },
    {
      "name": "CVE-2025-48734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2026-04-27T00:00:00",
  "last_revision_date": "2026-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0500",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37405",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405"
    },
    {
      "published_at": "2026-04-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37404",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404"
    }
  ]
}

CERTFR-2026-AVI-0627

Vulnerability from certfr_avis - Published: 2026-05-21 - Updated: 2026-05-21

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.2.x antérieures à 10.2.3
Splunk	N/A	Splunk AI Toolkit versions 5.7.x antérieures à 5.7.3
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 9.3.2411 antérieures à 9.3.2411.129
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.3.2512 antérieures à 10.3.2512.9
Splunk	Splunk	image Docker Splunk versions 10.2.x antérieures à 10.2.2
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.4.2603 antérieures à 10.4.2603.1
Splunk	Splunk AppDynamics Database Agent	Splunk AppDynamics Database Agent versions antérieures à 26.4.0
Splunk	Splunk	image Docker Splunk versions 9.4.x antérieures à 9.4.10
Splunk	Splunk User Behavior Analytics (UBA)	Splunk User Behavior Analytics versions 5.4.x antérieures à 5.4.5
Splunk	Splunk AppDynamics Private Synthetic Agent	Splunk AppDynamics Private Synthetic Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Analytics Agent	Splunk AppDynamics Analytics Agent versions antérieures à 26.4.0
Splunk	N/A	Splunk AppDynamics Cluster Agent versions antérieures à 26.4.0
Splunk	Splunk AppDynamics Machine Agent	Splunk AppDynamics Machine Agent versions antérieures à 26.4.0
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.2.2510 antérieures à 10.2.2510.11
Splunk	N/A	Splunk AppDynamics Python Agent versions antérieures à 26.4.1
Splunk	Splunk	image Docker Splunk versions 10.0.x antérieures à 10.0.5
Splunk	N/A	Splunk Add-on for Tomcat versions 3.3.x antérieures à 3.3.1
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.1.2507 antérieures à 10.1.2507.21
Splunk	Splunk Enterprise	Splunk Enterprise versions 10.0.x antérieures à 10.0.6
Splunk	N/A	Splunk AppDynamics Apache Web Server Agent versions 25.11.x antérieures à 25.11.1
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.4.x antérieures à 9.4.11
Splunk	Splunk	image Docker Splunk versions 9.3.x antérieures à 9.3.11
Splunk	Splunk Cloud Platform	Splunk Cloud Platform versions 10.0.2503 antérieures à 10.0.2503.13
Splunk	Universal Forwarder	Splunk Universal Forwarder versions 9.4.x antérieures à 9.4.11
Splunk	Splunk Enterprise	Splunk Enterprise versions 9.3.x antérieures à 9.3.12
Splunk	Splunk AppDynamics Java Agent	Splunk AppDynamics Java Agent versions antérieures à 26.4.0

References

Title

Publication Time

Tags

Bulletin de sécurité Splunk SVD-2026-0512	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0513	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0509	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0510	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0505	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0515	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0507	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0506	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0508	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0504	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0514	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0516	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0501	2026-05-13	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0503	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0511	2026-05-20	vendor-advisory
Bulletin de sécurité Splunk SVD-2026-0502	2026-05-20	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Splunk Enterprise versions 10.2.x ant\u00e9rieures \u00e0 10.2.3",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AI Toolkit versions 5.7.x ant\u00e9rieures \u00e0 5.7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 9.3.2411 ant\u00e9rieures \u00e0 9.3.2411.129",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.3.2512 ant\u00e9rieures \u00e0 10.3.2512.9",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "image Docker Splunk versions 10.2.x ant\u00e9rieures \u00e0 10.2.2",
      "product": {
        "name": "Splunk",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.4.2603 ant\u00e9rieures \u00e0 10.4.2603.1",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Database Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "Splunk AppDynamics Database Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "image Docker Splunk versions 9.4.x ant\u00e9rieures \u00e0 9.4.10",
      "product": {
        "name": "Splunk",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk User Behavior Analytics versions 5.4.x ant\u00e9rieures \u00e0 5.4.5",
      "product": {
        "name": "Splunk User Behavior Analytics (UBA)",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Private Synthetic Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "Splunk AppDynamics Private Synthetic Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Analytics Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "Splunk AppDynamics Analytics Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Cluster Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Machine Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "Splunk AppDynamics Machine Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.2.2510 ant\u00e9rieures \u00e0 10.2.2510.11",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Python Agent versions ant\u00e9rieures \u00e0 26.4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "image Docker Splunk versions 10.0.x ant\u00e9rieures \u00e0 10.0.5",
      "product": {
        "name": "Splunk",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Add-on for Tomcat versions 3.3.x ant\u00e9rieures \u00e0 3.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.1.2507 ant\u00e9rieures \u00e0 10.1.2507.21",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 10.0.x ant\u00e9rieures \u00e0 10.0.6",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Apache Web Server Agent versions 25.11.x ant\u00e9rieures \u00e0 25.11.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "image Docker Splunk versions 9.3.x ant\u00e9rieures \u00e0 9.3.11",
      "product": {
        "name": "Splunk",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Cloud Platform versions 10.0.2503 ant\u00e9rieures \u00e0 10.0.2503.13",
      "product": {
        "name": "Splunk Cloud Platform",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Universal Forwarder versions 9.4.x ant\u00e9rieures \u00e0 9.4.11",
      "product": {
        "name": "Universal Forwarder",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk Enterprise versions 9.3.x ant\u00e9rieures \u00e0 9.3.12",
      "product": {
        "name": "Splunk Enterprise",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    },
    {
      "description": "Splunk AppDynamics Java Agent versions ant\u00e9rieures \u00e0 26.4.0",
      "product": {
        "name": "Splunk AppDynamics Java Agent",
        "vendor": {
          "name": "Splunk",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-26007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
    },
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2025-58436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58436"
    },
    {
      "name": "CVE-2018-19361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
    },
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2026-32777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32777"
    },
    {
      "name": "CVE-2025-61730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
    },
    {
      "name": "CVE-2024-5321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5321"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2026-41324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
    },
    {
      "name": "CVE-2024-1597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597"
    },
    {
      "name": "CVE-2026-42308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42308"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2025-29775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
    },
    {
      "name": "CVE-2026-3543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3543"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2018-19362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
    },
    {
      "name": "CVE-2025-66199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66199"
    },
    {
      "name": "CVE-2025-15282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
    },
    {
      "name": "CVE-2026-33871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
    },
    {
      "name": "CVE-2026-22737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
    },
    {
      "name": "CVE-2023-43642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43642"
    },
    {
      "name": "CVE-2025-68384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68384"
    },
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2025-58190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58190"
    },
    {
      "name": "CVE-2025-68973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
    },
    {
      "name": "CVE-2026-21637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2026-22801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22801"
    },
    {
      "name": "CVE-2026-42309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42309"
    },
    {
      "name": "CVE-2023-49082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49082"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2026-39892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-39892"
    },
    {
      "name": "CVE-2026-33186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33186"
    },
    {
      "name": "CVE-2018-14719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
    },
    {
      "name": "CVE-2024-4068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-29774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
    },
    {
      "name": "CVE-2025-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
    },
    {
      "name": "CVE-2026-3540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3540"
    },
    {
      "name": "CVE-2024-10220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10220"
    },
    {
      "name": "CVE-2024-45339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339"
    },
    {
      "name": "CVE-2020-9546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546"
    },
    {
      "name": "CVE-2025-46762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46762"
    },
    {
      "name": "CVE-2023-37920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
    },
    {
      "name": "CVE-2025-68156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68156"
    },
    {
      "name": "CVE-2026-25990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
    },
    {
      "name": "CVE-2026-32288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32288"
    },
    {
      "name": "CVE-2022-45868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45868"
    },
    {
      "name": "CVE-2025-69223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2020-10673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2025-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30065"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2024-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
    },
    {
      "name": "CVE-2024-25638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25638"
    },
    {
      "name": "CVE-2025-49146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49146"
    },
    {
      "name": "CVE-2026-34876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34876"
    },
    {
      "name": "CVE-2025-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4432"
    },
    {
      "name": "CVE-2023-5590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5590"
    },
    {
      "name": "CVE-2025-11468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
    },
    {
      "name": "CVE-2020-36181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36181"
    },
    {
      "name": "CVE-2020-9548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548"
    },
    {
      "name": "CVE-2020-36182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36182"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2020-24616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24616"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2026-27456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27456"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-58060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58060"
    },
    {
      "name": "CVE-2020-36185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36185"
    },
    {
      "name": "CVE-2023-50782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50782"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-61731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2026-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1605"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2026-27143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27143"
    },
    {
      "name": "CVE-2024-47561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561"
    },
    {
      "name": "CVE-2019-16942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
    },
    {
      "name": "CVE-2026-3061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3061"
    },
    {
      "name": "CVE-2026-27171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27171"
    },
    {
      "name": "CVE-2020-9547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547"
    },
    {
      "name": "CVE-2026-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3731"
    },
    {
      "name": "CVE-2020-36179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36179"
    },
    {
      "name": "CVE-2026-35469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-35469"
    },
    {
      "name": "CVE-2026-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3062"
    },
    {
      "name": "CVE-2018-14718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
    },
    {
      "name": "CVE-2020-10650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10650"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2026-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1861"
    },
    {
      "name": "CVE-2025-66516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66516"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2023-2251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2251"
    },
    {
      "name": "CVE-2026-25833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25833"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2025-49844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
    },
    {
      "name": "CVE-2020-36186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36186"
    },
    {
      "name": "CVE-2025-15467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
    },
    {
      "name": "CVE-2020-36189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36189"
    },
    {
      "name": "CVE-2024-58251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-58251"
    },
    {
      "name": "CVE-2019-20444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
    },
    {
      "name": "CVE-2025-9820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9820"
    },
    {
      "name": "CVE-2020-35490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35490"
    },
    {
      "name": "CVE-2026-33870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
    },
    {
      "name": "CVE-2026-22690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22690"
    },
    {
      "name": "CVE-2025-55130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
    },
    {
      "name": "CVE-2023-34454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34454"
    },
    {
      "name": "CVE-2022-46337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46337"
    },
    {
      "name": "CVE-2021-20190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20190"
    },
    {
      "name": "CVE-2021-35516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
    },
    {
      "name": "CVE-2026-3544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3544"
    },
    {
      "name": "CVE-2024-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2024-29857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857"
    },
    {
      "name": "CVE-2020-13949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949"
    },
    {
      "name": "CVE-2018-19360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
    },
    {
      "name": "CVE-2026-2648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2648"
    },
    {
      "name": "CVE-2023-47627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-47627"
    },
    {
      "name": "CVE-2026-40200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40200"
    },
    {
      "name": "CVE-2024-13009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13009"
    },
    {
      "name": "CVE-2026-27025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27025"
    },
    {
      "name": "CVE-2025-55131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
    },
    {
      "name": "CVE-2026-32778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32778"
    },
    {
      "name": "CVE-2026-5121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
    },
    {
      "name": "CVE-2024-12798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12798"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-27210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27210"
    },
    {
      "name": "CVE-2019-16335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
    },
    {
      "name": "CVE-2023-34453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34453"
    },
    {
      "name": "CVE-2022-40149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
    },
    {
      "name": "CVE-2024-41996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-59465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
    },
    {
      "name": "CVE-2023-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
    },
    {
      "name": "CVE-2026-21715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21715"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2026-34073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34073"
    },
    {
      "name": "CVE-2026-27144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27144"
    },
    {
      "name": "CVE-2018-7489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
    },
    {
      "name": "CVE-2025-58057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58057"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2026-22795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
    },
    {
      "name": "CVE-2026-32283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32283"
    },
    {
      "name": "CVE-2019-14893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
    },
    {
      "name": "CVE-2019-10202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10202"
    },
    {
      "name": "CVE-2026-25834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25834"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2026-3537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3537"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-69225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69225"
    },
    {
      "name": "CVE-2025-62718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
    },
    {
      "name": "CVE-2026-27024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27024"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2021-35517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
    },
    {
      "name": "CVE-2026-4424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
    },
    {
      "name": "CVE-2025-67030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67030"
    },
    {
      "name": "CVE-2026-34877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34877"
    },
    {
      "name": "CVE-2026-32281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32281"
    },
    {
      "name": "CVE-2026-27142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
    },
    {
      "name": "CVE-2026-28389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28389"
    },
    {
      "name": "CVE-2021-23358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
    },
    {
      "name": "CVE-2025-31133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2026-34875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34875"
    },
    {
      "name": "CVE-2026-21717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
    },
    {
      "name": "CVE-2025-64505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
    },
    {
      "name": "CVE-2025-69227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69227"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2020-10672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672"
    },
    {
      "name": "CVE-2022-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3510"
    },
    {
      "name": "CVE-2022-3509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3509"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2021-28165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
    },
    {
      "name": "CVE-2025-69421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
    },
    {
      "name": "CVE-2021-37137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
    },
    {
      "name": "CVE-2019-14439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14439"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2026-34478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34478"
    },
    {
      "name": "CVE-2026-33055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33055"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2025-11143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11143"
    },
    {
      "name": "CVE-2026-34480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34480"
    },
    {
      "name": "CVE-2017-7658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658"
    },
    {
      "name": "CVE-2026-27699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
    },
    {
      "name": "CVE-2022-40150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
    },
    {
      "name": "CVE-2025-47911",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47911"
    },
    {
      "name": "CVE-2025-28162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
    },
    {
      "name": "CVE-2023-22946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22946"
    },
    {
      "name": "CVE-2026-33228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
    },
    {
      "name": "CVE-2020-36187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36187"
    },
    {
      "name": "CVE-2026-40175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
    },
    {
      "name": "CVE-2025-13151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-21634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634"
    },
    {
      "name": "CVE-2021-36090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
    },
    {
      "name": "CVE-2026-21716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
    },
    {
      "name": "CVE-2025-64506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
    },
    {
      "name": "CVE-2024-53899",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53899"
    },
    {
      "name": "CVE-2025-68161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68161"
    },
    {
      "name": "CVE-2026-28351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28351"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2023-34455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34455"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2024-29131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29131"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-14174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14174"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2026-22796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
    },
    {
      "name": "CVE-2025-64720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
    },
    {
      "name": "CVE-2024-30251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-30251"
    },
    {
      "name": "CVE-2020-11620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620"
    },
    {
      "name": "CVE-2026-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2650"
    },
    {
      "name": "CVE-2026-3541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3541"
    },
    {
      "name": "CVE-2024-12801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12801"
    },
    {
      "name": "CVE-2021-37136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
    },
    {
      "name": "CVE-2018-12022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12022"
    },
    {
      "name": "CVE-2026-3539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3539"
    },
    {
      "name": "CVE-2026-34874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34874"
    },
    {
      "name": "CVE-2026-21712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21712"
    },
    {
      "name": "CVE-2018-5968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5968"
    },
    {
      "name": "CVE-2025-61732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
    },
    {
      "name": "CVE-2024-27306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2024-8775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
    },
    {
      "name": "CVE-2026-3538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3538"
    },
    {
      "name": "CVE-2025-55159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55159"
    },
    {
      "name": "CVE-2025-55132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
    },
    {
      "name": "CVE-2026-22702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
    },
    {
      "name": "CVE-2025-46394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46394"
    },
    {
      "name": "CVE-2025-66471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
    },
    {
      "name": "CVE-2020-24750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24750"
    },
    {
      "name": "CVE-2026-25679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
    },
    {
      "name": "CVE-2026-21441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2025-68390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68390"
    },
    {
      "name": "CVE-2024-11079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
    },
    {
      "name": "CVE-2026-22732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2026-25210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25210"
    },
    {
      "name": "CVE-2026-28387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28387"
    },
    {
      "name": "CVE-2025-65018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
    },
    {
      "name": "CVE-2026-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28388"
    },
    {
      "name": "CVE-2026-40192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-40192"
    },
    {
      "name": "CVE-2025-66293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66293"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2019-16943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
    },
    {
      "name": "CVE-2026-32289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32289"
    },
    {
      "name": "CVE-2026-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
    },
    {
      "name": "CVE-2026-21714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21714"
    },
    {
      "name": "CVE-2024-12087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
    },
    {
      "name": "CVE-2017-7525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
    },
    {
      "name": "CVE-2026-4111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-4111"
    },
    {
      "name": "CVE-2026-24515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24515"
    },
    {
      "name": "CVE-2024-26130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26130"
    },
    {
      "name": "CVE-2019-20330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
    },
    {
      "name": "CVE-2024-41110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2026-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2441"
    },
    {
      "name": "CVE-2020-14195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14195"
    },
    {
      "name": "CVE-2025-69228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69228"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2020-35491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35491"
    },
    {
      "name": "CVE-2019-17531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
    },
    {
      "name": "CVE-2025-1948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1948"
    },
    {
      "name": "CVE-2026-32280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32280"
    },
    {
      "name": "CVE-2025-27553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27553"
    },
    {
      "name": "CVE-2025-30761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30761"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2026-27888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27888"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2026-33056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33056"
    },
    {
      "name": "CVE-2026-25835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25835"
    },
    {
      "name": "CVE-2025-68160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
    },
    {
      "name": "CVE-2022-3996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3996"
    },
    {
      "name": "CVE-2020-14061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14061"
    },
    {
      "name": "CVE-2025-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
    },
    {
      "name": "CVE-2017-7657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2025-61728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
    },
    {
      "name": "CVE-2026-0965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0965"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2022-42004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
    },
    {
      "name": "CVE-2022-40023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40023"
    },
    {
      "name": "CVE-2020-11619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2026-34872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34872"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2024-29371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
    },
    {
      "name": "CVE-2020-36183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36183"
    },
    {
      "name": "CVE-2026-3542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3542"
    },
    {
      "name": "CVE-2023-49081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49081"
    },
    {
      "name": "CVE-2020-8840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
    },
    {
      "name": "CVE-2026-34871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34871"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-69226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69226"
    },
    {
      "name": "CVE-2026-3536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3536"
    },
    {
      "name": "CVE-2026-28390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28390"
    },
    {
      "name": "CVE-2019-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
    },
    {
      "name": "CVE-2024-32650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-32650"
    },
    {
      "name": "CVE-2026-34873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34873"
    },
    {
      "name": "CVE-2026-6042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-6042"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2019-10172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172"
    },
    {
      "name": "CVE-2025-47913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47913"
    },
    {
      "name": "CVE-2024-55549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-55549"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2020-36184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36184"
    },
    {
      "name": "CVE-2026-0967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0967"
    },
    {
      "name": "CVE-2025-69418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-59466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
    },
    {
      "name": "CVE-2025-15468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15468"
    },
    {
      "name": "CVE-2026-25639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
    },
    {
      "name": "CVE-2026-21713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21713"
    },
    {
      "name": "CVE-2020-36180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36180"
    },
    {
      "name": "CVE-2018-12023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12023"
    },
    {
      "name": "CVE-2026-0968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0968"
    },
    {
      "name": "CVE-2026-27140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27140"
    },
    {
      "name": "CVE-2018-14720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
    },
    {
      "name": "CVE-2024-52304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52304"
    },
    {
      "name": "CVE-2020-36518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2023-5408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5408"
    },
    {
      "name": "CVE-2025-69277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
    },
    {
      "name": "CVE-2026-25541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25541"
    },
    {
      "name": "CVE-2026-31789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31789"
    },
    {
      "name": "CVE-2026-22735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
    },
    {
      "name": "CVE-2026-42311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42311"
    },
    {
      "name": "CVE-2026-20239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20239"
    },
    {
      "name": "CVE-2025-24855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24855"
    },
    {
      "name": "CVE-2026-3063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3063"
    },
    {
      "name": "CVE-2019-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2024-27308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-27308"
    },
    {
      "name": "CVE-2026-42310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-42310"
    },
    {
      "name": "CVE-2026-22695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22695"
    },
    {
      "name": "CVE-2026-27139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
    },
    {
      "name": "CVE-2026-20240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20240"
    },
    {
      "name": "CVE-2023-49083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49083"
    },
    {
      "name": "CVE-2017-15095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
    },
    {
      "name": "CVE-2019-14540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
    },
    {
      "name": "CVE-2024-36114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-36114"
    },
    {
      "name": "CVE-2019-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12086"
    },
    {
      "name": "CVE-2018-14721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
    },
    {
      "name": "CVE-2025-48924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48924"
    },
    {
      "name": "CVE-2026-33810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-33810"
    },
    {
      "name": "CVE-2025-66566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66566"
    },
    {
      "name": "CVE-2025-11187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11187"
    },
    {
      "name": "CVE-2017-7656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656"
    },
    {
      "name": "CVE-2026-27026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27026"
    },
    {
      "name": "CVE-2026-2673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2673"
    },
    {
      "name": "CVE-2018-20225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
    },
    {
      "name": "CVE-2026-32282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32282"
    },
    {
      "name": "CVE-2018-11307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2025-68121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
    },
    {
      "name": "CVE-2024-12088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
    },
    {
      "name": "CVE-2025-14819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
    },
    {
      "name": "CVE-2022-42003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
    },
    {
      "name": "CVE-2020-25649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
    },
    {
      "name": "CVE-2026-27141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27141"
    },
    {
      "name": "CVE-2023-2976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976"
    },
    {
      "name": "CVE-2025-61726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
    },
    {
      "name": "CVE-2017-17485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
    },
    {
      "name": "CVE-2026-1584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1584"
    },
    {
      "name": "CVE-2026-20238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-20238"
    },
    {
      "name": "CVE-2024-23829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23829"
    },
    {
      "name": "CVE-2025-59464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
    },
    {
      "name": "CVE-2025-30153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30153"
    },
    {
      "name": "CVE-2026-32141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
    },
    {
      "name": "CVE-2019-14379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
    },
    {
      "name": "CVE-2025-69229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69229"
    },
    {
      "name": "CVE-2021-35515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
    },
    {
      "name": "CVE-2026-3545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3545"
    },
    {
      "name": "CVE-2025-30204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
    },
    {
      "name": "CVE-2026-28804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-28804"
    },
    {
      "name": "CVE-2026-34477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-34477"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2022-3171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
    },
    {
      "name": "CVE-2026-2649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2649"
    },
    {
      "name": "CVE-2024-39689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
    },
    {
      "name": "CVE-2025-37731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37731"
    },
    {
      "name": "CVE-2026-24688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24688"
    },
    {
      "name": "CVE-2026-32776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-32776"
    },
    {
      "name": "CVE-2025-12183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12183"
    },
    {
      "name": "CVE-2019-16869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
    },
    {
      "name": "CVE-2025-68119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
    },
    {
      "name": "CVE-2025-7338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7338"
    },
    {
      "name": "CVE-2022-23491",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2026-22691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22691"
    },
    {
      "name": "CVE-2026-27628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
    },
    {
      "name": "CVE-2025-69420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2020-14060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14060"
    },
    {
      "name": "CVE-2026-31790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
    },
    {
      "name": "CVE-2020-36188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36188"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2025-14831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14831"
    },
    {
      "name": "CVE-2024-23334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23334"
    },
    {
      "name": "CVE-2019-14892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
    },
    {
      "name": "CVE-2026-21710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21710"
    },
    {
      "name": "CVE-2025-66418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
    },
    {
      "name": "CVE-2019-20445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    },
    {
      "name": "CVE-2020-14062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14062"
    }
  ],
  "initial_release_date": "2026-05-21T00:00:00",
  "last_revision_date": "2026-05-21T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0627",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-05-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Splunk. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Splunk",
  "vendor_advisories": [
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0512",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0512"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0513",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0513"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0509",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0509"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0510",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0510"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0505",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0505"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0515",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0515"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0507",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0507"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0506",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0506"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0508",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0508"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0504",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0504"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0514",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0514"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0516",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0516"
    },
    {
      "published_at": "2026-05-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0501",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0501"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0503",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0503"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0511",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0511"
    },
    {
      "published_at": "2026-05-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Splunk SVD-2026-0502",
      "url": "https://advisory.splunk.com/advisories/SVD-2026-0502"
    }
  ]
}

cleanstart-2026-dd05788

Vulnerability from cleanstart

Published

2026-05-18 13:02

Modified

2026-05-17 12:57

Summary

Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-27315, CVE-2026-32588, CVE-2026-33870, CVE-2026-33871, CVE-2026-41409, CVE-2026-41417, CVE-2026-41635, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42586, CVE-2026-42587, CVE-2026-42778, CVE-2026-42779, CVE-2026-44248, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-355h-qmc2-wpwf, ghsa-389x-839f-4rhx, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45q3-82m4-75jr, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-57rv-r2g8-2cj3, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-8297-v2rf-2p32, ghsa-84h7-rjj3-6jx4, ghsa-995c-6rp3-4m4x, ghsa-cfxw-4h78-h7fw, ghsa-cm33-6792-r9fm, ghsa-f2wh-grmh-r6jm, ghsa-f6hv-jmp6-3vwv, ghsa-fghv-69vj-qj49, ghsa-fh34-c629-p8xj, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jfg9-48mv-9qgx, ghsa-jq43-27x9-3v86, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qffm-gf3j-6mvg, ghsa-qqpg-mvqg-649v, ghsa-rgrr-p7gp-5xj7, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-vf5j-865m-mq7c, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9, ghsa-xxqh-mfjm-7mv9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1, 1.0.91-r2

Details

Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2018-10237	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2021-41973	WEB
	https://osv.dev/vulnerability/CVE-2022-24823	WEB
	https://osv.dev/vulnerability/CVE-2022-3171	WEB
	https://osv.dev/vulnerability/CVE-2022-3509	WEB
	https://osv.dev/vulnerability/CVE-2022-3510	WEB
	https://osv.dev/vulnerability/CVE-2022-41881	WEB
	https://osv.dev/vulnerability/CVE-2023-1370	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-34453	WEB
	https://osv.dev/vulnerability/CVE-2023-34454	WEB
	https://osv.dev/vulnerability/CVE-2023-34455	WEB
	https://osv.dev/vulnerability/CVE-2023-34462	WEB
	https://osv.dev/vulnerability/CVE-2023-43642	WEB
	https://osv.dev/vulnerability/CVE-2023-44487	WEB
	https://osv.dev/vulnerability/CVE-2023-52428	WEB
	https://osv.dev/vulnerability/CVE-2024-12798	WEB
	https://osv.dev/vulnerability/CVE-2024-12801	WEB
	https://osv.dev/vulnerability/CVE-2024-13009	WEB
	https://osv.dev/vulnerability/CVE-2024-21634	WEB
	https://osv.dev/vulnerability/CVE-2024-25638	WEB
	https://osv.dev/vulnerability/CVE-2024-27137	WEB
	https://osv.dev/vulnerability/CVE-2024-29025	WEB
	https://osv.dev/vulnerability/CVE-2024-35255	WEB
	https://osv.dev/vulnerability/CVE-2024-40094	WEB
	https://osv.dev/vulnerability/CVE-2024-47535	WEB
	https://osv.dev/vulnerability/CVE-2024-47554	WEB
	https://osv.dev/vulnerability/CVE-2024-52046	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-7254	WEB
	https://osv.dev/vulnerability/CVE-2024-8184	WEB
	https://osv.dev/vulnerability/CVE-2024-9823	WEB
	https://osv.dev/vulnerability/CVE-2025-23015	WEB
	https://osv.dev/vulnerability/CVE-2025-24860	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-46392	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-53864	WEB
	https://osv.dev/vulnerability/CVE-2025-55163	WEB
	https://osv.dev/vulnerability/CVE-2025-58056	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2025-59419	WEB
	https://osv.dev/vulnerability/CVE-2025-67735	WEB
	https://osv.dev/vulnerability/CVE-2026-1225	WEB
	https://osv.dev/vulnerability/CVE-2026-27315	WEB
	https://osv.dev/vulnerability/CVE-2026-32588	WEB
	https://osv.dev/vulnerability/CVE-2026-33870	WEB
	https://osv.dev/vulnerability/CVE-2026-33871	WEB
	https://osv.dev/vulnerability/CVE-2026-41409	WEB
	https://osv.dev/vulnerability/CVE-2026-41417	WEB
	https://osv.dev/vulnerability/CVE-2026-41635	WEB
	https://osv.dev/vulnerability/CVE-2026-42578	WEB
	https://osv.dev/vulnerability/CVE-2026-42579	WEB
	https://osv.dev/vulnerability/CVE-2026-42580	WEB
	https://osv.dev/vulnerability/CVE-2026-42581	WEB
	https://osv.dev/vulnerability/CVE-2026-42583	WEB
	https://osv.dev/vulnerability/CVE-2026-42584	WEB
	https://osv.dev/vulnerability/CVE-2026-42585	WEB
	https://osv.dev/vulnerability/CVE-2026-42586	WEB
	https://osv.dev/vulnerability/CVE-2026-42587	WEB
	https://osv.dev/vulnerability/CVE-2026-42778	WEB
	https://osv.dev/vulnerability/CVE-2026-42779	WEB
	https://osv.dev/vulnerability/CVE-2026-44248	WEB
	https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8	WEB
	https://osv.dev/vulnerability/ghsa-264p-99wq-f4j6	WEB
	https://osv.dev/vulnerability/ghsa-269q-hmxg-m83q	WEB
	https://osv.dev/vulnerability/ghsa-355h-qmc2-wpwf	WEB
	https://osv.dev/vulnerability/ghsa-389x-839f-4rhx	WEB
	https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr	WEB
	https://osv.dev/vulnerability/ghsa-493p-pfq6-5258	WEB
	https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw	WEB
	https://osv.dev/vulnerability/ghsa-4gg5-vx3j-xwc7	WEB
	https://osv.dev/vulnerability/ghsa-55g7-9cwv-5qfv	WEB
	https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3	WEB
	https://osv.dev/vulnerability/ghsa-5jpm-x58v-624v	WEB
	https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3	WEB
	https://osv.dev/vulnerability/ghsa-6mjq-h674-j845	WEB
	https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4	WEB
	https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8	WEB
	https://osv.dev/vulnerability/ghsa-76h9-2vwh-w278	WEB
	https://osv.dev/vulnerability/ghsa-78wr-2p64-hpwj	WEB
	https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3	WEB
	https://osv.dev/vulnerability/ghsa-8297-v2rf-2p32	WEB
	https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4	WEB
	https://osv.dev/vulnerability/ghsa-995c-6rp3-4m4x	WEB
	https://osv.dev/vulnerability/ghsa-cfxw-4h78-h7fw	WEB
	https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm	WEB
	https://osv.dev/vulnerability/ghsa-f2wh-grmh-r6jm	WEB
	https://osv.dev/vulnerability/ghsa-f6hv-jmp6-3vwv	WEB
	https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49	WEB
	https://osv.dev/vulnerability/ghsa-fh34-c629-p8xj	WEB
	https://osv.dev/vulnerability/ghsa-fjpj-2g6w-x25r	WEB
	https://osv.dev/vulnerability/ghsa-fx2c-96vj-985v	WEB
	https://osv.dev/vulnerability/ghsa-g5ww-5jh7-63cx	WEB
	https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq	WEB
	https://osv.dev/vulnerability/ghsa-gvpg-vgmx-xg6w	WEB
	https://osv.dev/vulnerability/ghsa-h4h5-3hr4-j3g2	WEB
	https://osv.dev/vulnerability/ghsa-h9mq-f6q5-6c8m	WEB
	https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-jfg9-48mv-9qgx	WEB
	https://osv.dev/vulnerability/ghsa-jq43-27x9-3v86	WEB
	https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723	WEB
	https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6	WEB
	https://osv.dev/vulnerability/ghsa-mvr2-9pj6-7w5j	WEB
	https://osv.dev/vulnerability/ghsa-pqr6-cmr2-h8hf	WEB
	https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv	WEB
	https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4	WEB
	https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5	WEB
	https://osv.dev/vulnerability/ghsa-qcwq-55hx-v3vh	WEB
	https://osv.dev/vulnerability/ghsa-qffm-gf3j-6mvg	WEB
	https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v	WEB
	https://osv.dev/vulnerability/ghsa-rgrr-p7gp-5xj7	WEB
	https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p	WEB
	https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv	WEB
	https://osv.dev/vulnerability/ghsa-vf5j-865m-mq7c	WEB
	https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9	WEB
	https://osv.dev/vulnerability/ghsa-xpw8-rcwv-8f8p	WEB
	https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv	WEB
	https://osv.dev/vulnerability/ghsa-xwmg-2g98-w7v9	WEB
	https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-10237	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-41973	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3171	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3509	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3510	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41881	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-1370	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34453	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34455	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34462	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-43642	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-44487	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-52428	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12798	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12801	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-13009	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-21634	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-25638	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-29025	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-35255	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-40094	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47535	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47554	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-52046	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7254	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-8184	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-9823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-23015	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24860	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46392	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-53864	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55163	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59419	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-67735	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1225	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-27315	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-32588	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33871	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41409	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41417	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-41635	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42578	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42579	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42580	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42581	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42583	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42584	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42585	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42586	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42587	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42778	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-42779	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-44248	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "stargate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.91-r2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-DD05788",
  "modified": "2026-05-17T12:57:15Z",
  "published": "2026-05-18T13:02:30.461225Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-DD05788.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41973"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-1370"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34453"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34455"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-43642"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-44487"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52428"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-21634"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-25638"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-29025"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-35255"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-40094"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-23015"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24860"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46392"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-27315"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-32588"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41409"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-41635"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42586"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42778"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-42779"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-44248"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-264p-99wq-f4j6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-269q-hmxg-m83q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-355h-qmc2-wpwf"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-38f8-5428-x5cv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-45q3-82m4-75jr"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-493p-pfq6-5258"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4gg5-vx3j-xwc7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-55g7-9cwv-5qfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-57rv-r2g8-2cj3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5jpm-x58v-624v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-76h9-2vwh-w278"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-78wr-2p64-hpwj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-8297-v2rf-2p32"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-995c-6rp3-4m4x"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cfxw-4h78-h7fw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cm33-6792-r9fm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f2wh-grmh-r6jm"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-f6hv-jmp6-3vwv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fh34-c629-p8xj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fjpj-2g6w-x25r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fx2c-96vj-985v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g5ww-5jh7-63cx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gvpg-vgmx-xg6w"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h4h5-3hr4-j3g2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h9mq-f6q5-6c8m"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jfg9-48mv-9qgx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jq43-27x9-3v86"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-m4cv-j2px-7723"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mj4r-2hfc-f8p6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mvr2-9pj6-7w5j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pqr6-cmr2-h8hf"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qcwq-55hx-v3vh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qffm-gf3j-6mvg"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rgrr-p7gp-5xj7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-rwm7-x88c-3g2p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-v8h7-rr48-vmmv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-vf5j-865m-mq7c"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xpw8-rcwv-8f8p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xwmg-2g98-w7v9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xxqh-mfjm-7mv9"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41973"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34453"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52428"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21634"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25638"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35255"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40094"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23015"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24860"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46392"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27315"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32588"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41409"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41635"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42578"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42579"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42583"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42586"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42778"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42779"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44248"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-27315, CVE-2026-32588, CVE-2026-33870, CVE-2026-33871, CVE-2026-41409, CVE-2026-41417, CVE-2026-41635, CVE-2026-42578, CVE-2026-42579, CVE-2026-42580, CVE-2026-42581, CVE-2026-42583, CVE-2026-42584, CVE-2026-42585, CVE-2026-42586, CVE-2026-42587, CVE-2026-42778, CVE-2026-42779, CVE-2026-44248, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-355h-qmc2-wpwf, ghsa-389x-839f-4rhx, ghsa-38f8-5428-x5cv, ghsa-3p8m-j85q-pgmj, ghsa-45q3-82m4-75jr, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-57rv-r2g8-2cj3, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-8297-v2rf-2p32, ghsa-84h7-rjj3-6jx4, ghsa-995c-6rp3-4m4x, ghsa-cfxw-4h78-h7fw, ghsa-cm33-6792-r9fm, ghsa-f2wh-grmh-r6jm, ghsa-f6hv-jmp6-3vwv, ghsa-fghv-69vj-qj49, ghsa-fh34-c629-p8xj, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jfg9-48mv-9qgx, ghsa-jq43-27x9-3v86, ghsa-m4cv-j2px-7723, ghsa-mj4r-2hfc-f8p6, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qffm-gf3j-6mvg, ghsa-qqpg-mvqg-649v, ghsa-rgrr-p7gp-5xj7, ghsa-rwm7-x88c-3g2p, ghsa-v8h7-rr48-vmmv, ghsa-vf5j-865m-mq7c, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9, ghsa-xxqh-mfjm-7mv9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1, 1.0.91-r2",
  "upstream": [
    "CVE-2018-10237",
    "CVE-2020-8908",
    "CVE-2021-41973",
    "CVE-2022-24823",
    "CVE-2022-3171",
    "CVE-2022-3509",
    "CVE-2022-3510",
    "CVE-2022-41881",
    "CVE-2023-1370",
    "CVE-2023-2976",
    "CVE-2023-34453",
    "CVE-2023-34454",
    "CVE-2023-34455",
    "CVE-2023-34462",
    "CVE-2023-43642",
    "CVE-2023-44487",
    "CVE-2023-52428",
    "CVE-2024-12798",
    "CVE-2024-12801",
    "CVE-2024-13009",
    "CVE-2024-21634",
    "CVE-2024-25638",
    "CVE-2024-27137",
    "CVE-2024-29025",
    "CVE-2024-35255",
    "CVE-2024-40094",
    "CVE-2024-47535",
    "CVE-2024-47554",
    "CVE-2024-52046",
    "CVE-2024-6763",
    "CVE-2024-7254",
    "CVE-2024-8184",
    "CVE-2024-9823",
    "CVE-2025-23015",
    "CVE-2025-24860",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-46392",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-53864",
    "CVE-2025-55163",
    "CVE-2025-58056",
    "CVE-2025-58057",
    "CVE-2025-59419",
    "CVE-2025-67735",
    "CVE-2026-1225",
    "CVE-2026-27315",
    "CVE-2026-32588",
    "CVE-2026-33870",
    "CVE-2026-33871",
    "CVE-2026-41409",
    "CVE-2026-41417",
    "CVE-2026-41635",
    "CVE-2026-42578",
    "CVE-2026-42579",
    "CVE-2026-42580",
    "CVE-2026-42581",
    "CVE-2026-42583",
    "CVE-2026-42584",
    "CVE-2026-42585",
    "CVE-2026-42586",
    "CVE-2026-42587",
    "CVE-2026-42778",
    "CVE-2026-42779",
    "CVE-2026-44248",
    "ghsa-25qh-j22f-pwp8",
    "ghsa-264p-99wq-f4j6",
    "ghsa-269q-hmxg-m83q",
    "ghsa-355h-qmc2-wpwf",
    "ghsa-389x-839f-4rhx",
    "ghsa-38f8-5428-x5cv",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-45q3-82m4-75jr",
    "ghsa-493p-pfq6-5258",
    "ghsa-4g8c-wm8x-jfhw",
    "ghsa-4gg5-vx3j-xwc7",
    "ghsa-55g7-9cwv-5qfv",
    "ghsa-57rv-r2g8-2cj3",
    "ghsa-5jpm-x58v-624v",
    "ghsa-5mg8-w23w-74h3",
    "ghsa-6mjq-h674-j845",
    "ghsa-6v67-2wr5-gvf4",
    "ghsa-735f-pc8j-v9w8",
    "ghsa-76h9-2vwh-w278",
    "ghsa-78wr-2p64-hpwj",
    "ghsa-7g45-4rm6-3mm3",
    "ghsa-8297-v2rf-2p32",
    "ghsa-84h7-rjj3-6jx4",
    "ghsa-995c-6rp3-4m4x",
    "ghsa-cfxw-4h78-h7fw",
    "ghsa-cm33-6792-r9fm",
    "ghsa-f2wh-grmh-r6jm",
    "ghsa-f6hv-jmp6-3vwv",
    "ghsa-fghv-69vj-qj49",
    "ghsa-fh34-c629-p8xj",
    "ghsa-fjpj-2g6w-x25r",
    "ghsa-fx2c-96vj-985v",
    "ghsa-g5ww-5jh7-63cx",
    "ghsa-g8m5-722r-8whq",
    "ghsa-gvpg-vgmx-xg6w",
    "ghsa-h4h5-3hr4-j3g2",
    "ghsa-h9mq-f6q5-6c8m",
    "ghsa-j26w-f9rq-mr2q",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-jfg9-48mv-9qgx",
    "ghsa-jq43-27x9-3v86",
    "ghsa-m4cv-j2px-7723",
    "ghsa-mj4r-2hfc-f8p6",
    "ghsa-mvr2-9pj6-7w5j",
    "ghsa-pqr6-cmr2-h8hf",
    "ghsa-pr98-23f8-jwxv",
    "ghsa-prj3-ccx8-p6x4",
    "ghsa-q4rv-gq96-w7c5",
    "ghsa-qcwq-55hx-v3vh",
    "ghsa-qffm-gf3j-6mvg",
    "ghsa-qqpg-mvqg-649v",
    "ghsa-rgrr-p7gp-5xj7",
    "ghsa-rwm7-x88c-3g2p",
    "ghsa-v8h7-rr48-vmmv",
    "ghsa-vf5j-865m-mq7c",
    "ghsa-wxr5-93ph-8wr9",
    "ghsa-xpw8-rcwv-8f8p",
    "ghsa-xq3w-v528-46rv",
    "ghsa-xwmg-2g98-w7v9",
    "ghsa-xxqh-mfjm-7mv9"
  ]
}

cleanstart-2026-vh41554

Vulnerability from cleanstart

Published

2026-04-06 02:48

Modified

2026-04-03 09:17

Summary

Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-33870, CVE-2026-33871, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-84h7-rjj3-6jx4, ghsa-cfxw-4h78-h7fw, ghsa-fghv-69vj-qj49, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jq43-27x9-3v86, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qqpg-mvqg-649v, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1

Details

Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.

References

URL

Type

	https://github.com/cleanstart-dev/cleanstart-secu…	ADVISORY
	https://osv.dev/vulnerability/CVE-2018-10237	WEB
	https://osv.dev/vulnerability/CVE-2020-8908	WEB
	https://osv.dev/vulnerability/CVE-2021-41973	WEB
	https://osv.dev/vulnerability/CVE-2022-24823	WEB
	https://osv.dev/vulnerability/CVE-2022-3171	WEB
	https://osv.dev/vulnerability/CVE-2022-3509	WEB
	https://osv.dev/vulnerability/CVE-2022-3510	WEB
	https://osv.dev/vulnerability/CVE-2022-41881	WEB
	https://osv.dev/vulnerability/CVE-2023-1370	WEB
	https://osv.dev/vulnerability/CVE-2023-2976	WEB
	https://osv.dev/vulnerability/CVE-2023-34453	WEB
	https://osv.dev/vulnerability/CVE-2023-34454	WEB
	https://osv.dev/vulnerability/CVE-2023-34455	WEB
	https://osv.dev/vulnerability/CVE-2023-34462	WEB
	https://osv.dev/vulnerability/CVE-2023-43642	WEB
	https://osv.dev/vulnerability/CVE-2023-44487	WEB
	https://osv.dev/vulnerability/CVE-2023-52428	WEB
	https://osv.dev/vulnerability/CVE-2024-12798	WEB
	https://osv.dev/vulnerability/CVE-2024-12801	WEB
	https://osv.dev/vulnerability/CVE-2024-13009	WEB
	https://osv.dev/vulnerability/CVE-2024-21634	WEB
	https://osv.dev/vulnerability/CVE-2024-25638	WEB
	https://osv.dev/vulnerability/CVE-2024-27137	WEB
	https://osv.dev/vulnerability/CVE-2024-29025	WEB
	https://osv.dev/vulnerability/CVE-2024-35255	WEB
	https://osv.dev/vulnerability/CVE-2024-40094	WEB
	https://osv.dev/vulnerability/CVE-2024-47535	WEB
	https://osv.dev/vulnerability/CVE-2024-47554	WEB
	https://osv.dev/vulnerability/CVE-2024-52046	WEB
	https://osv.dev/vulnerability/CVE-2024-6763	WEB
	https://osv.dev/vulnerability/CVE-2024-7254	WEB
	https://osv.dev/vulnerability/CVE-2024-8184	WEB
	https://osv.dev/vulnerability/CVE-2024-9823	WEB
	https://osv.dev/vulnerability/CVE-2025-23015	WEB
	https://osv.dev/vulnerability/CVE-2025-24860	WEB
	https://osv.dev/vulnerability/CVE-2025-24970	WEB
	https://osv.dev/vulnerability/CVE-2025-25193	WEB
	https://osv.dev/vulnerability/CVE-2025-46392	WEB
	https://osv.dev/vulnerability/CVE-2025-48734	WEB
	https://osv.dev/vulnerability/CVE-2025-48924	WEB
	https://osv.dev/vulnerability/CVE-2025-53864	WEB
	https://osv.dev/vulnerability/CVE-2025-55163	WEB
	https://osv.dev/vulnerability/CVE-2025-58056	WEB
	https://osv.dev/vulnerability/CVE-2025-58057	WEB
	https://osv.dev/vulnerability/CVE-2025-59419	WEB
	https://osv.dev/vulnerability/CVE-2025-67735	WEB
	https://osv.dev/vulnerability/CVE-2026-1225	WEB
	https://osv.dev/vulnerability/CVE-2026-33870	WEB
	https://osv.dev/vulnerability/CVE-2026-33871	WEB
	https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8	WEB
	https://osv.dev/vulnerability/ghsa-264p-99wq-f4j6	WEB
	https://osv.dev/vulnerability/ghsa-269q-hmxg-m83q	WEB
	https://osv.dev/vulnerability/ghsa-389x-839f-4rhx	WEB
	https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj	WEB
	https://osv.dev/vulnerability/ghsa-493p-pfq6-5258	WEB
	https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw	WEB
	https://osv.dev/vulnerability/ghsa-4gg5-vx3j-xwc7	WEB
	https://osv.dev/vulnerability/ghsa-55g7-9cwv-5qfv	WEB
	https://osv.dev/vulnerability/ghsa-5jpm-x58v-624v	WEB
	https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3	WEB
	https://osv.dev/vulnerability/ghsa-6mjq-h674-j845	WEB
	https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4	WEB
	https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8	WEB
	https://osv.dev/vulnerability/ghsa-76h9-2vwh-w278	WEB
	https://osv.dev/vulnerability/ghsa-78wr-2p64-hpwj	WEB
	https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3	WEB
	https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4	WEB
	https://osv.dev/vulnerability/ghsa-cfxw-4h78-h7fw	WEB
	https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49	WEB
	https://osv.dev/vulnerability/ghsa-fjpj-2g6w-x25r	WEB
	https://osv.dev/vulnerability/ghsa-fx2c-96vj-985v	WEB
	https://osv.dev/vulnerability/ghsa-g5ww-5jh7-63cx	WEB
	https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq	WEB
	https://osv.dev/vulnerability/ghsa-gvpg-vgmx-xg6w	WEB
	https://osv.dev/vulnerability/ghsa-h4h5-3hr4-j3g2	WEB
	https://osv.dev/vulnerability/ghsa-h9mq-f6q5-6c8m	WEB
	https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q	WEB
	https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v	WEB
	https://osv.dev/vulnerability/ghsa-jq43-27x9-3v86	WEB
	https://osv.dev/vulnerability/ghsa-mvr2-9pj6-7w5j	WEB
	https://osv.dev/vulnerability/ghsa-pqr6-cmr2-h8hf	WEB
	https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv	WEB
	https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4	WEB
	https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5	WEB
	https://osv.dev/vulnerability/ghsa-qcwq-55hx-v3vh	WEB
	https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v	WEB
	https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9	WEB
	https://osv.dev/vulnerability/ghsa-xpw8-rcwv-8f8p	WEB
	https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv	WEB
	https://osv.dev/vulnerability/ghsa-xwmg-2g98-w7v9	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2018-10237	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2020-8908	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2021-41973	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-24823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3171	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3509	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-3510	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2022-41881	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-1370	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-2976	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34453	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34454	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34455	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-34462	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-43642	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-44487	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2023-52428	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12798	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-12801	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-13009	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-21634	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-25638	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-27137	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-29025	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-35255	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-40094	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47535	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-47554	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-52046	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-6763	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-7254	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-8184	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2024-9823	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-23015	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24860	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-24970	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-25193	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-46392	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48734	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-48924	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-53864	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-55163	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58056	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-58057	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-59419	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2025-67735	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-1225	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33870	WEB
	https://nvd.nist.gov/vuln/detail/CVE-2026-33871	WEB

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "CleanStart",
        "name": "stargate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.91-r1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "credits": [],
  "database_specific": {},
  "details": "Multiple security vulnerabilities affect the stargate package. These issues are resolved in later releases. See references for individual vulnerability details.",
  "id": "CLEANSTART-2026-VH41554",
  "modified": "2026-04-03T09:17:16Z",
  "published": "2026-04-06T02:48:54.465143Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-VH41554.json"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2021-41973"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-1370"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34453"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34454"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34455"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-43642"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-44487"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2023-52428"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-21634"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-25638"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-27137"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-29025"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-35255"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-40094"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-23015"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24860"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-46392"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/CVE-2026-33871"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-25qh-j22f-pwp8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-264p-99wq-f4j6"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-269q-hmxg-m83q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-389x-839f-4rhx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-3p8m-j85q-pgmj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-493p-pfq6-5258"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4g8c-wm8x-jfhw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-4gg5-vx3j-xwc7"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-55g7-9cwv-5qfv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5jpm-x58v-624v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-5mg8-w23w-74h3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6mjq-h674-j845"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-6v67-2wr5-gvf4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-735f-pc8j-v9w8"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-76h9-2vwh-w278"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-78wr-2p64-hpwj"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-7g45-4rm6-3mm3"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-84h7-rjj3-6jx4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-cfxw-4h78-h7fw"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fghv-69vj-qj49"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fjpj-2g6w-x25r"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-fx2c-96vj-985v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g5ww-5jh7-63cx"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-g8m5-722r-8whq"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-gvpg-vgmx-xg6w"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h4h5-3hr4-j3g2"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-h9mq-f6q5-6c8m"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j26w-f9rq-mr2q"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-j288-q9x7-2f5v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-jq43-27x9-3v86"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-mvr2-9pj6-7w5j"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pqr6-cmr2-h8hf"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-pr98-23f8-jwxv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-prj3-ccx8-p6x4"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-q4rv-gq96-w7c5"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qcwq-55hx-v3vh"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-wxr5-93ph-8wr9"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xpw8-rcwv-8f8p"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xq3w-v528-46rv"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/ghsa-xwmg-2g98-w7v9"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10237"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8908"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41973"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3171"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3509"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3510"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41881"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1370"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34453"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34454"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34455"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52428"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12798"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12801"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13009"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21634"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25638"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27137"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35255"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40094"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47535"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47554"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52046"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6763"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7254"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8184"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9823"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23015"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24860"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25193"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46392"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48924"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53864"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55163"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58057"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59419"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1225"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
    }
  ],
  "related": [],
  "schema_version": "1.7.3",
  "summary": "Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-41973, CVE-2022-24823, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2022-41881, CVE-2023-1370, CVE-2023-2976, CVE-2023-34453, CVE-2023-34454, CVE-2023-34455, CVE-2023-34462, CVE-2023-43642, CVE-2023-44487, CVE-2023-52428, CVE-2024-12798, CVE-2024-12801, CVE-2024-13009, CVE-2024-21634, CVE-2024-25638, CVE-2024-27137, CVE-2024-29025, CVE-2024-35255, CVE-2024-40094, CVE-2024-47535, CVE-2024-47554, CVE-2024-52046, CVE-2024-6763, CVE-2024-7254, CVE-2024-8184, CVE-2024-9823, CVE-2025-23015, CVE-2025-24860, CVE-2025-24970, CVE-2025-25193, CVE-2025-46392, CVE-2025-48734, CVE-2025-48924, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2026-1225, CVE-2026-33870, CVE-2026-33871, ghsa-25qh-j22f-pwp8, ghsa-264p-99wq-f4j6, ghsa-269q-hmxg-m83q, ghsa-389x-839f-4rhx, ghsa-3p8m-j85q-pgmj, ghsa-493p-pfq6-5258, ghsa-4g8c-wm8x-jfhw, ghsa-4gg5-vx3j-xwc7, ghsa-55g7-9cwv-5qfv, ghsa-5jpm-x58v-624v, ghsa-5mg8-w23w-74h3, ghsa-6mjq-h674-j845, ghsa-6v67-2wr5-gvf4, ghsa-735f-pc8j-v9w8, ghsa-76h9-2vwh-w278, ghsa-78wr-2p64-hpwj, ghsa-7g45-4rm6-3mm3, ghsa-84h7-rjj3-6jx4, ghsa-cfxw-4h78-h7fw, ghsa-fghv-69vj-qj49, ghsa-fjpj-2g6w-x25r, ghsa-fx2c-96vj-985v, ghsa-g5ww-5jh7-63cx, ghsa-g8m5-722r-8whq, ghsa-gvpg-vgmx-xg6w, ghsa-h4h5-3hr4-j3g2, ghsa-h9mq-f6q5-6c8m, ghsa-j26w-f9rq-mr2q, ghsa-j288-q9x7-2f5v, ghsa-jq43-27x9-3v86, ghsa-mvr2-9pj6-7w5j, ghsa-pqr6-cmr2-h8hf, ghsa-pr98-23f8-jwxv, ghsa-prj3-ccx8-p6x4, ghsa-q4rv-gq96-w7c5, ghsa-qcwq-55hx-v3vh, ghsa-qqpg-mvqg-649v, ghsa-wxr5-93ph-8wr9, ghsa-xpw8-rcwv-8f8p, ghsa-xq3w-v528-46rv, ghsa-xwmg-2g98-w7v9 applied in versions: 1.0.90-r4, 1.0.91-r0, 1.0.91-r1",
  "upstream": [
    "CVE-2018-10237",
    "CVE-2020-8908",
    "CVE-2021-41973",
    "CVE-2022-24823",
    "CVE-2022-3171",
    "CVE-2022-3509",
    "CVE-2022-3510",
    "CVE-2022-41881",
    "CVE-2023-1370",
    "CVE-2023-2976",
    "CVE-2023-34453",
    "CVE-2023-34454",
    "CVE-2023-34455",
    "CVE-2023-34462",
    "CVE-2023-43642",
    "CVE-2023-44487",
    "CVE-2023-52428",
    "CVE-2024-12798",
    "CVE-2024-12801",
    "CVE-2024-13009",
    "CVE-2024-21634",
    "CVE-2024-25638",
    "CVE-2024-27137",
    "CVE-2024-29025",
    "CVE-2024-35255",
    "CVE-2024-40094",
    "CVE-2024-47535",
    "CVE-2024-47554",
    "CVE-2024-52046",
    "CVE-2024-6763",
    "CVE-2024-7254",
    "CVE-2024-8184",
    "CVE-2024-9823",
    "CVE-2025-23015",
    "CVE-2025-24860",
    "CVE-2025-24970",
    "CVE-2025-25193",
    "CVE-2025-46392",
    "CVE-2025-48734",
    "CVE-2025-48924",
    "CVE-2025-53864",
    "CVE-2025-55163",
    "CVE-2025-58056",
    "CVE-2025-58057",
    "CVE-2025-59419",
    "CVE-2025-67735",
    "CVE-2026-1225",
    "CVE-2026-33870",
    "CVE-2026-33871",
    "ghsa-25qh-j22f-pwp8",
    "ghsa-264p-99wq-f4j6",
    "ghsa-269q-hmxg-m83q",
    "ghsa-389x-839f-4rhx",
    "ghsa-3p8m-j85q-pgmj",
    "ghsa-493p-pfq6-5258",
    "ghsa-4g8c-wm8x-jfhw",
    "ghsa-4gg5-vx3j-xwc7",
    "ghsa-55g7-9cwv-5qfv",
    "ghsa-5jpm-x58v-624v",
    "ghsa-5mg8-w23w-74h3",
    "ghsa-6mjq-h674-j845",
    "ghsa-6v67-2wr5-gvf4",
    "ghsa-735f-pc8j-v9w8",
    "ghsa-76h9-2vwh-w278",
    "ghsa-78wr-2p64-hpwj",
    "ghsa-7g45-4rm6-3mm3",
    "ghsa-84h7-rjj3-6jx4",
    "ghsa-cfxw-4h78-h7fw",
    "ghsa-fghv-69vj-qj49",
    "ghsa-fjpj-2g6w-x25r",
    "ghsa-fx2c-96vj-985v",
    "ghsa-g5ww-5jh7-63cx",
    "ghsa-g8m5-722r-8whq",
    "ghsa-gvpg-vgmx-xg6w",
    "ghsa-h4h5-3hr4-j3g2",
    "ghsa-h9mq-f6q5-6c8m",
    "ghsa-j26w-f9rq-mr2q",
    "ghsa-j288-q9x7-2f5v",
    "ghsa-jq43-27x9-3v86",
    "ghsa-mvr2-9pj6-7w5j",
    "ghsa-pqr6-cmr2-h8hf",
    "ghsa-pr98-23f8-jwxv",
    "ghsa-prj3-ccx8-p6x4",
    "ghsa-q4rv-gq96-w7c5",
    "ghsa-qcwq-55hx-v3vh",
    "ghsa-qqpg-mvqg-649v",
    "ghsa-wxr5-93ph-8wr9",
    "ghsa-xpw8-rcwv-8f8p",
    "ghsa-xq3w-v528-46rv",
    "ghsa-xwmg-2g98-w7v9"
  ]
}

FKIE_CVE-2023-43642

Vulnerability from fkie_nvd - Published: 2023-09-25 20:15 - Updated: 2024-11-21 08:24

Severity

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5	Patch
security-advisories@github.com	https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv	Exploit

Impacted products

	Vendor	Product	Version
	xerial	snappy-java	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D939A7-FF7A-4C6D-A2B5-D9D3C9D02023",
              "versionEndExcluding": "1.1.10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources."
    },
    {
      "lang": "es",
      "value": "snappy-java es una adaptaci\u00f3n Java de snappy, un r\u00e1pido compresor/descompresor de C++ desarrollado por Google. Se descubri\u00f3 que SnappyInputStream era vulnerable a ataques de denegaci\u00f3n de servicio (DoS) al descomprimir datos con un tama\u00f1o de fragmento demasiado grande. Debido a que falta la verificaci\u00f3n del l\u00edmite superior en la longitud del fragmento, puede ocurrir un error fatal irrecuperable. Todas las versiones de snappy-java, incluida la \u00faltima versi\u00f3n 1.1.10.3, son vulnerables a este problema.\nSe introdujo una soluci\u00f3n en el commit `9f8c3cf74` que se incluir\u00e1 en la versi\u00f3n 1.1.10.4.\nSe recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar solo deben aceptar datos comprimidos de fuentes confiables."
    }
  ],
  "id": "CVE-2023-43642",
  "lastModified": "2024-11-21T08:24:31.663",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-09-25T20:15:11.723",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-55G7-9CWV-5QFV

Vulnerability from github – Published: 2023-09-25 18:30 – Updated: 2023-09-25 21:43

Summary

snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact

Details

Summary

snappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur.

Scope

All versions of snappy-java including the latest released version 1.1.10.3. A fix is applied in 1.1.10.4

Details

While performing mitigation efforts related to CVE-2023-34455 in Confluent products, our Application Security team closely analyzed the fix that was accepted and merged into snappy-java version 1.1.10.1 in this commit. The check on line 421 only attempts to check if chunkSize is not a negative value. We believe that this is an inadequate fix as it misses an upper-bounds check for overly positive values such as 0x7FFFFFFF (or (2,147,483,647 in decimal) before actually attempting to allocate the provided unverified number of bytes via the “chunkSize” variable. This missing upper-bounds check can lead to the applications depending upon snappy-java to allocate an inappropriate number of bytes on the heap which can then cause an java.lang.OutOfMemoryError exception. Under some specific conditions and contexts, this can lead to a Denial-of-Service (DoS) attack with a direct impact on the availability of the dependent implementations based on the usage of the snappy-java library for compression/decompression needs.

PoC

Compile and run the following code:

package org.example;
import org.xerial.snappy.SnappyInputStream;

import java.io.*;

public class Main {

    public static void main(String[] args) throws IOException {
        byte[] data = {-126, 'S', 'N', 'A', 'P', 'P', 'Y', 0, 0, 0, 0, 0, 0, 0, 0, 0,(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
        SnappyInputStream in = new SnappyInputStream(new ByteArrayInputStream(data));
        byte[] out = new byte[50];
        try {
            in.read(out);
        }
        catch (Exception ignored) {
        }
    }
}

Impact

Denial of Service of applications dependent on snappy-java especially if ExitOnOutOfMemoryError or CrashOnOutOfMemoryError is configured on the JVM.

Credits

Jan Werner, Mukul Khullar and Bharadwaj Machiraju from Confluent's Application Security team.

We kindly request for a new CVE ID to be assigned once you acknowledge this vulnerability.

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.1.10.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.xerial.snappy:snappy-java"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-43642"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-25T18:30:18Z",
    "nvd_published_at": "2023-09-25T20:15:11Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\nsnappy-java is a data compression library in Java. Its SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too-large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. \n\n### Scope\n\nAll versions of snappy-java including the latest released version 1.1.10.3.  A fix is applied in 1.1.10.4\n\n### Details\nWhile performing mitigation efforts related to [CVE-2023-34455](https://nvd.nist.gov/vuln/detail/CVE-2023-34455) in Confluent products, our Application Security team closely analyzed the fix that was accepted and merged into snappy-java version 1.1.10.1 in [this](https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea) commit. The check on [line 421](https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea#diff-c3e53610267092989965e8c7dd2d4417d355ff7f560f9e8075b365f32569079fR421) only attempts to check if chunkSize is not a negative value. We believe that this is an inadequate fix as it misses an upper-bounds check for overly positive values such as 0x7FFFFFFF (or (2,147,483,647 in decimal) before actually [attempting to allocate](https://github.com/xerial/snappy-java/commit/3bf67857fcf70d9eea56eed4af7c925671e8eaea#diff-c3e53610267092989965e8c7dd2d4417d355ff7f560f9e8075b365f32569079fR429) the provided unverified number of bytes via the \u201cchunkSize\u201d variable. This missing upper-bounds check can lead to the applications depending upon snappy-java to allocate an inappropriate number of bytes on the heap which can then cause an  java.lang.OutOfMemoryError exception. Under some specific conditions and contexts, this can lead to a Denial-of-Service (DoS) attack with a direct impact on the availability of the dependent implementations based on the usage of the snappy-java library for compression/decompression needs.\n\n### PoC\nCompile and run the following code:\n```\npackage org.example;\nimport org.xerial.snappy.SnappyInputStream;\n\nimport java.io.*;\n\npublic class Main {\n\n    public static void main(String[] args) throws IOException {\n        byte[] data = {-126, \u0027S\u0027, \u0027N\u0027, \u0027A\u0027, \u0027P\u0027, \u0027P\u0027, \u0027Y\u0027, 0, 0, 0, 0, 0, 0, 0, 0, 0,(byte) 0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};\n        SnappyInputStream in = new SnappyInputStream(new ByteArrayInputStream(data));\n        byte[] out = new byte[50];\n        try {\n            in.read(out);\n        }\n        catch (Exception ignored) {\n        }\n    }\n}\n```\n\n### Impact\nDenial of Service of applications dependent on snappy-java especially if `ExitOnOutOfMemoryError` or `CrashOnOutOfMemoryError` is configured on the JVM.\n\n### Credits\nJan Werner, Mukul Khullar and Bharadwaj Machiraju from Confluent\u0027s Application Security team. \n\nWe kindly request for a new CVE ID to be assigned once you acknowledge this vulnerability.",
  "id": "GHSA-55g7-9cwv-5qfv",
  "modified": "2023-09-25T21:43:08Z",
  "published": "2023-09-25T18:30:18Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43642"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xerial/snappy-java"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xerial/snappy-java/releases/tag/v1.1.10.4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "snappy-java\u0027s missing upper bound check on chunk length can lead to Denial of Service (DoS) impact"
}

GSD-2023-43642

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-43642

Aliases

CVE-2023-43642

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-43642",
    "id": "GSD-2023-43642"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-43642"
      ],
      "details": "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources.",
      "id": "GSD-2023-43642",
      "modified": "2023-12-13T01:20:44.727902Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-43642",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "snappy-java",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003c 1.1.10.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "xerial"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-770",
                "lang": "eng",
                "value": "CWE-770: Allocation of Resources Without Limits or Throttling"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
            "refsource": "MISC",
            "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
          },
          {
            "name": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5",
            "refsource": "MISC",
            "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-55g7-9cwv-5qfv",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xerial:snappy-java:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.1.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-43642"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-770"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv"
            },
            {
              "name": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-09-26T15:46Z",
      "publishedDate": "2023-09-25T20:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-43642 (GCVE-0-2023-43642)

Solutions

Solutions

Solutions

Solutions

Solutions

Vulnerability from cleanstart

Vulnerability from cleanstart

Summary

Scope

Details

PoC

Impact

Credits

Tags

Sightings

Nomenclature