Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-43398 (GCVE-0-2024-43398)
Vulnerability from cvelistv5 – Published: 2024-08-22 14:14 – Updated: 2025-11-03 20:38
VLAI
EPSS
Title
REXML denial of service vulnerability
Summary
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.
Severity
5.9 (Medium)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/ruby/rexml/security/advisories… | x_refsource_CONFIRM |
| https://github.com/ruby/rexml/releases/tag/v3.3.6 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T14:43:15.415517Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:43:24.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:38:50.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250103-0006/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "rexml",
"vendor": "ruby",
"versions": [
{
"status": "affected",
"version": "\u003c 3.3.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T14:14:03.588Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3"
},
{
"name": "https://github.com/ruby/rexml/releases/tag/v3.3.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ruby/rexml/releases/tag/v3.3.6"
}
],
"source": {
"advisory": "GHSA-vmwr-mc7x-5vc3",
"discovery": "UNKNOWN"
},
"title": "REXML denial of service vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-43398",
"datePublished": "2024-08-22T14:14:03.588Z",
"dateReserved": "2024-08-12T18:02:04.965Z",
"dateUpdated": "2025-11-03T20:38:50.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-43398",
"date": "2026-05-29",
"epss": "0.01167",
"percentile": "0.78949"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-43398\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-08-22T15:15:16.440\",\"lastModified\":\"2025-11-03T21:16:18.923\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.\"},{\"lang\":\"es\",\"value\":\"REXML es un conjunto de herramientas XML para Ruby. La gema REXML anterior a 3.3.6 tiene una vulnerabilidad DoS cuando analiza un XML que tiene muchos elementos profundos que tienen los mismos atributos de nombre local. Si necesita analizar archivos XML que no son de confianza con una API de analizador de \u00e1rboles como REXML::Document.new, es posible que se vea afectado por esta vulnerabilidad. Si utiliza otras API de analizador, como la API de analizador de flujo y la API de analizador SAX2, esta vulnerabilidad no se ve afectada. La gema REXML 3.3.6 o posterior incluye el parche para corregir la vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-776\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ruby-lang:rexml:*:*:*:*:*:ruby:*:*\",\"versionEndExcluding\":\"3.3.6\",\"matchCriteriaId\":\"13B8C3F0-3971-43B5-8BF2-10ED1B9E25AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]}],\"references\":[{\"url\":\"https://github.com/ruby/rexml/releases/tag/v3.3.6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20250103-0006/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20250103-0006/\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/01/msg00011.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:38:50.990Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-43398\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-22T14:43:15.415517Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T14:43:19.829Z\"}}], \"cna\": {\"title\": \"REXML denial of service vulnerability\", \"source\": {\"advisory\": \"GHSA-vmwr-mc7x-5vc3\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"ruby\", \"product\": \"rexml\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.3.6\"}]}], \"references\": [{\"url\": \"https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3\", \"name\": \"https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/ruby/rexml/releases/tag/v3.3.6\", \"name\": \"https://github.com/ruby/rexml/releases/tag/v3.3.6\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"REXML is an XML toolkit for Ruby. The REXML gem before 3.3.6 has a DoS vulnerability when it parses an XML that has many deep elements that have same local name attributes. If you need to parse untrusted XMLs with tree parser API like REXML::Document.new, you may be impacted to this vulnerability. If you use other parser APIs such as stream parser API and SAX2 parser API, this vulnerability is not affected. The REXML gem 3.3.6 or later include the patch to fix the vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-776\", \"description\": \"CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-08-22T14:14:03.588Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-43398\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T20:38:50.990Z\", \"dateReserved\": \"2024-08-12T18:02:04.965Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-08-22T14:14:03.588Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
alsa-2024:6670
Vulnerability from osv_almalinux
Published
2024-09-16 00:00
Modified
2024-09-17 09:59
Summary
Moderate: pcs security update
Details
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
- rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
- rexml: DoS vulnerability in REXML (CVE-2024-41946)
- rexml: DoS vulnerability in REXML (CVE-2024-43398)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pcs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.18-2.el8_10.2.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "pcs-snmp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.10.18-2.el8_10.2.alma.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nSecurity Fix(es):\n\n* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, \u003e] and ]\u003e (CVE-2024-41123)\n* rexml: DoS vulnerability in REXML (CVE-2024-41946)\n* rexml: DoS vulnerability in REXML (CVE-2024-43398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:6670",
"modified": "2024-09-17T09:59:44Z",
"published": "2024-09-16T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:6670"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41123"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43398"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307297"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-6670.html"
}
],
"related": [
"CVE-2024-41123",
"CVE-2024-41946",
"CVE-2024-43398"
],
"summary": "Moderate: pcs security update"
}
alsa-2024:6784
Vulnerability from osv_almalinux
Published
2024-09-18 00:00
Modified
2024-09-19 16:41
Summary
Moderate: ruby:3.3 security update
Details
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rexml: DoS vulnerability in REXML (CVE-2024-39908)
- rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
- rexml: DoS vulnerability in REXML (CVE-2024-41946)
- rexml: DoS vulnerability in REXML (CVE-2024-43398)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-bundled-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-default-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.5-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.16-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.20.0-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.5-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.5-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4-1.module_el8.10.0+3799+191214cc"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.2-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-racc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.1.0-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rbs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.3.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rexml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.6-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rss"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.1-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-typeprof"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.21.9-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.16-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.16-3.module_el8.10.0+3894+6d587c81"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* rexml: DoS vulnerability in REXML (CVE-2024-39908)\n* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, \u003e] and ]\u003e (CVE-2024-41123)\n* rexml: DoS vulnerability in REXML (CVE-2024-41946)\n* rexml: DoS vulnerability in REXML (CVE-2024-43398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:6784",
"modified": "2024-09-19T16:41:12Z",
"published": "2024-09-18T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:6784"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39908"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41123"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43398"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307297"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2024-6784.html"
}
],
"related": [
"CVE-2024-39908",
"CVE-2024-41123",
"CVE-2024-41946",
"CVE-2024-43398"
],
"summary": "Moderate: ruby:3.3 security update"
}
alsa-2024:6785
Vulnerability from osv_almalinux
Published
2024-09-18 00:00
Modified
2024-09-19 16:36
Summary
Moderate: ruby:3.3 security update
Details
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rexml: DoS vulnerability in REXML (CVE-2024-39908)
- rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
- rexml: DoS vulnerability in REXML (CVE-2024-41946)
- rexml: DoS vulnerability in REXML (CVE-2024-43398)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby-bundled-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby-default-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.5-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.16-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.7.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.13.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.20.0-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.5-1.module_el9.4.0+75+1a8fe981"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.5-1.module_el9.4.0+75+1a8fe981"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4-1.module_el9.4.0+75+1a8fe981"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.5.4-1.module_el9.4.0+75+1a8fe981"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.3-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.1.2-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-racc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.7.3-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.1.0-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-rbs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.4.0-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.6.3.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-rexml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.6-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-rss"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.1-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-typeprof"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.21.9-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.16-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.16-3.module_el9.4.0+115+226a984b"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.\n\nSecurity Fix(es):\n\n* rexml: DoS vulnerability in REXML (CVE-2024-39908)\n* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, \u003e] and ]\u003e (CVE-2024-41123)\n* rexml: DoS vulnerability in REXML (CVE-2024-41946)\n* rexml: DoS vulnerability in REXML (CVE-2024-43398)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2024:6785",
"modified": "2024-09-19T16:36:01Z",
"published": "2024-09-18T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2024:6785"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39908"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41123"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43398"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307297"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2024-6785.html"
}
],
"related": [
"CVE-2024-39908",
"CVE-2024-41123",
"CVE-2024-41946",
"CVE-2024-43398"
],
"summary": "Moderate: ruby:3.3 security update"
}
alsa-2025:4063
Vulnerability from osv_almalinux
Published
2025-04-22 00:00
Modified
2026-04-09 17:45
Summary
Moderate: ruby:3.1 security update
Details
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rexml: DoS vulnerability in REXML (CVE-2024-39908)
- rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
- rexml: DoS vulnerability in REXML (CVE-2024-41946)
- rexml: DoS vulnerability in REXML (CVE-2024-43398)
- CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
- CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
- uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-bundled-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-default-gems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "ruby-libs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.7-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.9.0+3746+91b8233a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-abrt-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.4.0-1.module_el8.10.0+3854+02eaa59a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bigdecimal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-bundler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.27-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-io-console"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.11-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-irb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-json"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-minitest"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.15.0-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-3.module_el8.10.0+3854+02eaa59a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-3.module_el8.9.0+3746+91b8233a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.3-3.module_el8.10.0+3854+02eaa59a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-1.module_el8.10.0+3854+02eaa59a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-1.module_el8.9.0+3746+91b8233a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.2-1.module_el8.10.0+3854+02eaa59a"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-power_assert"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-psych"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.0.4-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rake"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "13.0.6-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rbs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.7.0-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rdoc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.4.1.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rexml"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.9-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-rss"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.3.1-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-test-unit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.5.3-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygem-typeprof"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.21.3-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.27-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "rubygems-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.27-145.module_el8.10.0+3984+cf55e3df"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. \n\nSecurity Fix(es): \n\n * rexml: DoS vulnerability in REXML (CVE-2024-39908)\n * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, \u003e] and ]\u003e (CVE-2024-41123)\n * rexml: DoS vulnerability in REXML (CVE-2024-41946)\n * rexml: DoS vulnerability in REXML (CVE-2024-43398)\n * CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)\n * CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)\n * uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:4063",
"modified": "2026-04-09T17:45:54Z",
"published": "2025-04-22T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:4063"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39908"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41123"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43398"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27219"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27220"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307297"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349696"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349699"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349700"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2025-4063.html"
}
],
"related": [
"CVE-2024-39908",
"CVE-2024-41123",
"CVE-2024-41946",
"CVE-2024-43398",
"CVE-2025-27220",
"CVE-2025-27219",
"CVE-2025-27221"
],
"summary": "Moderate: ruby:3.1 security update"
}
alsa-2025:4488
Vulnerability from osv_almalinux
Published
2025-05-06 00:00
Modified
2025-05-06 14:32
Summary
Moderate: ruby:3.1 security update
Details
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
- rexml: DoS vulnerability in REXML (CVE-2024-39908)
- rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
- rexml: DoS vulnerability in REXML (CVE-2024-41946)
- rexml: DoS vulnerability in REXML (CVE-2024-43398)
- CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
- CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
- uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-mysql2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.4-1.module_el9.1.0+8+503f6fbd"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-mysql2-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.4-1.module_el9.1.0+8+503f6fbd"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-pg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.5-1.module_el9.1.0+8+503f6fbd"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "rubygem-pg-doc"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.3.5-1.module_el9.1.0+8+503f6fbd"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. \n\nSecurity Fix(es): \n\n * rexml: DoS vulnerability in REXML (CVE-2024-39908)\n * rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, \u003e] and ]\u003e (CVE-2024-41123)\n * rexml: DoS vulnerability in REXML (CVE-2024-41946)\n * rexml: DoS vulnerability in REXML (CVE-2024-43398)\n * CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)\n * CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)\n * uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
"id": "ALSA-2025:4488",
"modified": "2025-05-06T14:32:01Z",
"published": "2025-05-06T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2025:4488"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-39908"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41123"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-41946"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2024-43398"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27219"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27220"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2025-27221"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2298243"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302268"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2302272"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2307297"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349696"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349699"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2349700"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2025-4488.html"
}
],
"related": [
"CVE-2024-39908",
"CVE-2024-41123",
"CVE-2024-41946",
"CVE-2024-43398",
"CVE-2025-27220",
"CVE-2025-27219",
"CVE-2025-27221"
],
"summary": "Moderate: ruby:3.1 security update"
}
Title
Уязвимость набора инструментов XML для Ruby REXML, связанная с неправильным ограничением рекурсивных ссылок на сущности в DTD, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость набора инструментов XML для Ruby REXML связана с неправильным ограничением рекурсивных ссылок на сущности в DTD. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
Сообщество свободного программного обеспечения, ООО «Ред Софт», Ruby Team
Software Name
Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), REXML
Software Version
11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), до 3.3.6 (REXML)
Possible Mitigations
Использование рекомендаций:
Для REXML:
https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
Для РедоС:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2024-43398
Reference
https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3
https://redos.red-soft.ru/support/secure/
https://security-tracker.debian.org/tracker/CVE-2024-43398
CWE
CWE-776
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Ruby Team",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 3.3.6 (REXML)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f REXML:\nhttps://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u043e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-43398",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "22.08.2024",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.09.2024",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-07430",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-43398",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), REXML",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 XML \u0434\u043b\u044f Ruby REXML, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u044b\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0441\u0443\u0449\u043d\u043e\u0441\u0442\u0438 \u0432 DTD, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u044b\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u043e\u0431\u044a\u0435\u043a\u0442\u044b \u0432 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f\u0445 \u0442\u0438\u043f\u0430 \u0434\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u0430 (TDT) (CWE-776)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 XML \u0434\u043b\u044f Ruby REXML \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u043c \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435\u043c \u0440\u0435\u043a\u0443\u0440\u0441\u0438\u0432\u043d\u044b\u0445 \u0441\u0441\u044b\u043b\u043e\u043a \u043d\u0430 \u0441\u0443\u0449\u043d\u043e\u0441\u0442\u0438 \u0432 DTD. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/ruby/rexml/security/advisories/GHSA-vmwr-mc7x-5vc3\nhttps://redos.red-soft.ru/support/secure/\nhttps://security-tracker.debian.org/tracker/CVE-2024-43398",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-776",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
CERTFR-2024-AVI-0923
Vulnerability from certfr_avis - Published: 2024-10-25 - Updated: 2024-10-25
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Sterling | Sterling Connect:Express pour UNIX versions 1.5.x antérieures à 1.5.0.17010 | ||
| IBM | QRadar | QRadar Assistant versions antérieures à 3.8.1 | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (Android) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.0.x antérieures à 6.0.3.1 GA | ||
| IBM | QRadar | SOAR QRadar Plugin App versions antérieures à 5.5.0 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 12.0.x antérieures à 12.0.4 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.1.x antérieures à 6.1.0.1 GA | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP4 | ||
| IBM | Sterling | Sterling External Authentication Server versions 6.1.0.x antérieures à 6.1.0.2 GA | ||
| IBM | Cognos Analytics | Cognos Analytics Mobile (iOS) versions 1.1.x antérieures à 1.1.20 | ||
| IBM | Sterling | Sterling Secure Proxy versions 6.0.x antérieures à 6.0.3.1 GA |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sterling Connect:Express pour UNIX versions 1.5.x ant\u00e9rieures \u00e0 1.5.0.17010",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Assistant versions ant\u00e9rieures \u00e0 3.8.1",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (Android) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "QRadar",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 ",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP4",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling External Authentication Server versions 6.1.0.x ant\u00e9rieures \u00e0 6.1.0.2 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics Mobile (iOS) versions 1.1.x ant\u00e9rieures \u00e0 1.1.20",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Secure Proxy versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 GA",
"product": {
"name": "Sterling",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2022-0144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0144"
},
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2024-37891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
},
{
"name": "CVE-2023-38264",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38264"
},
{
"name": "CVE-2024-22201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22201"
},
{
"name": "CVE-2022-46175",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46175"
},
{
"name": "CVE-2024-21144",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21144"
},
{
"name": "CVE-2023-25166",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25166"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2023-46234",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
},
{
"name": "CVE-2023-28856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28856"
},
{
"name": "CVE-2021-28169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28169"
},
{
"name": "CVE-2018-12538",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12538"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-21890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21890"
},
{
"name": "CVE-2024-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21896"
},
{
"name": "CVE-2023-50312",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50312"
},
{
"name": "CVE-2024-3933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3933"
},
{
"name": "CVE-2022-25883",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-38737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38737"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2022-36943",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36943"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-38009",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38009"
},
{
"name": "CVE-2023-45133",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
},
{
"name": "CVE-2023-26049",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
},
{
"name": "CVE-2023-46809",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46809"
},
{
"name": "CVE-2020-27216",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27216"
},
{
"name": "CVE-2019-13224",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13224"
},
{
"name": "CVE-2022-29622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29622"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-30172",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30172"
},
{
"name": "CVE-2021-43138",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
},
{
"name": "CVE-2023-45145",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45145"
},
{
"name": "CVE-2024-22019",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22019"
},
{
"name": "CVE-2023-0842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0842"
},
{
"name": "CVE-2023-22467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22467"
},
{
"name": "CVE-2024-21011",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21011"
},
{
"name": "CVE-2024-22329",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22329"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2024-21892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21892"
},
{
"name": "CVE-2024-21147",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21147"
},
{
"name": "CVE-2022-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43383"
},
{
"name": "CVE-2019-16163",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16163"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2022-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3517"
},
{
"name": "CVE-2024-35195",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2024-21140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21140"
},
{
"name": "CVE-2024-21094",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21094"
},
{
"name": "CVE-2023-51775",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51775"
},
{
"name": "CVE-2018-12545",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12545"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2023-52428",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52428"
},
{
"name": "CVE-2024-41784",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41784"
},
{
"name": "CVE-2021-3803",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3803"
},
{
"name": "CVE-2023-40167",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
},
{
"name": "CVE-2023-41900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
},
{
"name": "CVE-2024-21138",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21138"
},
{
"name": "CVE-2022-24834",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24834"
},
{
"name": "CVE-2023-36479",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2023-44483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44483"
},
{
"name": "CVE-2024-27270",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27270"
},
{
"name": "CVE-2024-21145",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21145"
},
{
"name": "CVE-2024-21891",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21891"
},
{
"name": "CVE-2022-38900",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38900"
},
{
"name": "CVE-2024-22017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22017"
},
{
"name": "CVE-2022-0235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
},
{
"name": "CVE-2019-10241",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10241"
},
{
"name": "CVE-2022-24736",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24736"
},
{
"name": "CVE-2024-25042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25042"
},
{
"name": "CVE-2024-34064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34064"
},
{
"name": "CVE-2020-15168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15168"
},
{
"name": "CVE-2023-29262",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29262"
},
{
"name": "CVE-2023-26048",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
},
{
"name": "CVE-2024-21085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21085"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2022-24735",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24735"
},
{
"name": "CVE-2024-21131",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21131"
},
{
"name": "CVE-2024-39689",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39689"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2019-19012",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19012"
},
{
"name": "CVE-2024-27267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27267"
},
{
"name": "CVE-2012-2677",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2677"
},
{
"name": "CVE-2024-6345",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
},
{
"name": "CVE-2021-34428",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34428"
}
],
"initial_release_date": "2024-10-25T00:00:00",
"last_revision_date": "2024-10-25T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0923",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-25T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173631",
"url": "https://www.ibm.com/support/pages/node/7173631"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174016",
"url": "https://www.ibm.com/support/pages/node/7174016"
},
{
"published_at": "2024-10-24",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7174015",
"url": "https://www.ibm.com/support/pages/node/7174015"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173632",
"url": "https://www.ibm.com/support/pages/node/7173632"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172691",
"url": "https://www.ibm.com/support/pages/node/7172691"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7172692",
"url": "https://www.ibm.com/support/pages/node/7172692"
},
{
"published_at": "2024-10-21",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173592",
"url": "https://www.ibm.com/support/pages/node/7173592"
},
{
"published_at": "2024-10-23",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7173866",
"url": "https://www.ibm.com/support/pages/node/7173866"
}
]
}
CERTFR-2025-AVI-0279
Vulnerability from certfr_avis - Published: 2025-04-04 - Updated: 2025-04-04
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Db2 | Db2 versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Application Server Liberty sans le correctif APAR PH65394 | ||
| IBM | Db2 Warehouse | Db2 Warehouse versions antérieures à 5.1.2 pour Cloud Pak for Data | ||
| IBM | WebSphere | WebSphere Hybrid Edition sans le dernier correctif de sécurité | ||
| IBM | QRadar Analyst Workflow | QRadar Analyst Workflow versions antérieures à 3.0.0 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Db2 versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Application Server Liberty sans le correctif APAR PH65394",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Db2 Warehouse versions ant\u00e9rieures \u00e0 5.1.2 pour Cloud Pak for Data",
"product": {
"name": "Db2 Warehouse",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "WebSphere Hybrid Edition sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "WebSphere",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Analyst Workflow versions ant\u00e9rieures \u00e0 3.0.0",
"product": {
"name": "QRadar Analyst Workflow",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-44906",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
},
{
"name": "CVE-2023-45857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
},
{
"name": "CVE-2023-45142",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45142"
},
{
"name": "CVE-2022-48890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48890"
},
{
"name": "CVE-2024-35176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35176"
},
{
"name": "CVE-2024-37071",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37071"
},
{
"name": "CVE-2025-25285",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25285"
},
{
"name": "CVE-2024-6232",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
},
{
"name": "CVE-2024-34997",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34997"
},
{
"name": "CVE-2024-51479",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-51479"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-35946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35946"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2024-41761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41761"
},
{
"name": "CVE-2022-29153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29153"
},
{
"name": "CVE-2023-52605",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52605"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2018-6341",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6341"
},
{
"name": "CVE-2023-52455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52455"
},
{
"name": "CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"name": "CVE-2025-27152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27152"
},
{
"name": "CVE-2024-26740",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26740"
},
{
"name": "CVE-2024-47764",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47764"
},
{
"name": "CVE-2025-25288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25288"
},
{
"name": "CVE-2024-35790",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35790"
},
{
"name": "CVE-2022-48921",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48921"
},
{
"name": "CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"name": "CVE-2025-25290",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25290"
},
{
"name": "CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2021-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47495"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-52832",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52832"
},
{
"name": "CVE-2024-41110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41110"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"name": "CVE-2023-43804",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
},
{
"name": "CVE-2024-6484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6484"
},
{
"name": "CVE-2020-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13844"
},
{
"name": "CVE-2024-26776",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26776"
},
{
"name": "CVE-2024-6485",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6485"
},
{
"name": "CVE-2024-41762",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41762"
},
{
"name": "CVE-2024-39494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39494"
},
{
"name": "CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"name": "CVE-2024-6119",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
},
{
"name": "CVE-2021-4204",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4204"
},
{
"name": "CVE-2024-26843",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26843"
},
{
"name": "CVE-2024-40679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40679"
},
{
"name": "CVE-2023-52885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52885"
},
{
"name": "CVE-2018-20225",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20225"
},
{
"name": "CVE-2019-11253",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11253"
},
{
"name": "CVE-2023-52898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52898"
},
{
"name": "CVE-2025-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-25289"
},
{
"name": "CVE-2024-45663",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45663"
},
{
"name": "CVE-2023-52467",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52467"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-36620",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36620"
},
{
"name": "CVE-2022-48706",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48706"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
}
],
"initial_release_date": "2025-04-04T00:00:00",
"last_revision_date": "2025-04-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0279",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-04-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7230024",
"url": "https://www.ibm.com/support/pages/node/7230024"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229770",
"url": "https://www.ibm.com/support/pages/node/7229770"
},
{
"published_at": "2025-03-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229443",
"url": "https://www.ibm.com/support/pages/node/7229443"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229768",
"url": "https://www.ibm.com/support/pages/node/7229768"
},
{
"published_at": "2025-04-01",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7229772",
"url": "https://www.ibm.com/support/pages/node/7229772"
}
]
}
CERTFR-2025-AVI-0855
Vulnerability from certfr_avis - Published: 2025-10-09 - Updated: 2025-10-09
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 24.4 antérieures à 24.4R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 22.4R3-S8-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4 antérieures à 23.4R2-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2-EVO antérieures à 23.2R2-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 22.4R3-S8 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2-EVO antérieures à 24.2R2-S2-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.4-EVO antérieures à 24.4R2-EVO | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 24.1R4 | ||
| Juniper Networks | Security Director | Security Director Policy Enforcer versions antérieures à 23.1R1 Hotpatch v3 | ||
| Juniper Networks | Junos Space | Junos Space Security Director versions antérieures à 24.1R4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4-EVO antérieures à 23.4R2-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2 antérieures à 23.2R2-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2 antérieures à 24.2R2-S1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 24.4 ant\u00e9rieures \u00e0 24.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 22.4R3-S8-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4 ant\u00e9rieures \u00e0 23.4R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2-EVO ant\u00e9rieures \u00e0 23.2R2-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2-EVO ant\u00e9rieures \u00e0 24.2R2-S2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4-EVO ant\u00e9rieures \u00e0 24.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 23.1R1 Hotpatch v3",
"product": {
"name": "Security Director",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director versions ant\u00e9rieures \u00e0 24.1R4",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4-EVO ant\u00e9rieures \u00e0 23.4R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2 ant\u00e9rieures \u00e0 23.2R2-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2 ant\u00e9rieures \u00e0 24.2R2-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-24795",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24795"
},
{
"name": "CVE-2024-36903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36903"
},
{
"name": "CVE-2023-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44431"
},
{
"name": "CVE-2021-47606",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47606"
},
{
"name": "CVE-2025-59993",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59993"
},
{
"name": "CVE-2025-59997",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59997"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2025-59995",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59995"
},
{
"name": "CVE-2024-21235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21235"
},
{
"name": "CVE-2023-28466",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28466"
},
{
"name": "CVE-2024-36921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36921"
},
{
"name": "CVE-2025-59986",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59986"
},
{
"name": "CVE-2025-60009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60009"
},
{
"name": "CVE-2025-59989",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59989"
},
{
"name": "CVE-2024-26897",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26897"
},
{
"name": "CVE-2023-46103",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-46103"
},
{
"name": "CVE-2024-27052",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27052"
},
{
"name": "CVE-2023-2235",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2235"
},
{
"name": "CVE-2025-59999",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59999"
},
{
"name": "CVE-2025-59994",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59994"
},
{
"name": "CVE-2024-4076",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4076"
},
{
"name": "CVE-2025-59967",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59967"
},
{
"name": "CVE-2022-24805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24805"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2023-3390",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3390"
},
{
"name": "CVE-2024-37356",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37356"
},
{
"name": "CVE-2024-47538",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47538"
},
{
"name": "CVE-2023-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4004"
},
{
"name": "CVE-2024-21823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21823"
},
{
"name": "CVE-2025-59991",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59991"
},
{
"name": "CVE-2024-5564",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5564"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2023-28746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28746"
},
{
"name": "CVE-2023-52864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52864"
},
{
"name": "CVE-2025-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26600"
},
{
"name": "CVE-2024-3596",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
},
{
"name": "CVE-2024-27280",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27280"
},
{
"name": "CVE-2024-36929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36929"
},
{
"name": "CVE-2023-35788",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35788"
},
{
"name": "CVE-2025-59982",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59982"
},
{
"name": "CVE-2024-1975",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1975"
},
{
"name": "CVE-2023-43785",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43785"
},
{
"name": "CVE-2024-30205",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205"
},
{
"name": "CVE-2018-17247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17247"
},
{
"name": "CVE-2025-60004",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60004"
},
{
"name": "CVE-2023-51594",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51594"
},
{
"name": "CVE-2024-22025",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22025"
},
{
"name": "CVE-2023-50229",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50229"
},
{
"name": "CVE-2025-59974",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59974"
},
{
"name": "CVE-2025-26598",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26598"
},
{
"name": "CVE-2018-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3824"
},
{
"name": "CVE-2024-40928",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40928"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2024-8508",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8508"
},
{
"name": "CVE-2024-36020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36020"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2025-59981",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59981"
},
{
"name": "CVE-2023-31248",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31248"
},
{
"name": "CVE-2024-1737",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1737"
},
{
"name": "CVE-2023-25193",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25193"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2024-30203",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30203"
},
{
"name": "CVE-2023-3090",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3090"
},
{
"name": "CVE-2024-35937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35937"
},
{
"name": "CVE-2025-59968",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59968"
},
{
"name": "CVE-2023-51592",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51592"
},
{
"name": "CVE-2025-59990",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59990"
},
{
"name": "CVE-2021-22146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22146"
},
{
"name": "CVE-2025-59978",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59978"
},
{
"name": "CVE-2024-25629",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
},
{
"name": "CVE-2024-36017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36017"
},
{
"name": "CVE-2024-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24806"
},
{
"name": "CVE-2024-27434",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27434"
},
{
"name": "CVE-2023-47038",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-47038"
},
{
"name": "CVE-2024-35852",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35852"
},
{
"name": "CVE-2024-38558",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38558"
},
{
"name": "CVE-2025-59992",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59992"
},
{
"name": "CVE-2024-35845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35845"
},
{
"name": "CVE-2021-41072",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41072"
},
{
"name": "CVE-2025-60000",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60000"
},
{
"name": "CVE-2022-24807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24807"
},
{
"name": "CVE-2024-47607",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47607"
},
{
"name": "CVE-2024-27065",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27065"
},
{
"name": "CVE-2024-36005",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36005"
},
{
"name": "CVE-2023-45866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45866"
},
{
"name": "CVE-2023-27349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27349"
},
{
"name": "CVE-2023-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
},
{
"name": "CVE-2015-5377",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5377"
},
{
"name": "CVE-2023-48161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48161"
},
{
"name": "CVE-2022-24810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24810"
},
{
"name": "CVE-2024-33621",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33621"
},
{
"name": "CVE-2024-27983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27983"
},
{
"name": "CVE-2025-60001",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60001"
},
{
"name": "CVE-2024-5742",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5742"
},
{
"name": "CVE-2023-50230",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50230"
},
{
"name": "CVE-2025-52960",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52960"
},
{
"name": "CVE-2024-36922",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36922"
},
{
"name": "CVE-2025-59996",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59996"
},
{
"name": "CVE-2024-39487",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39487"
},
{
"name": "CVE-2024-27982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27982"
},
{
"name": "CVE-2023-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38575"
},
{
"name": "CVE-2024-35911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35911"
},
{
"name": "CVE-2025-59957",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59957"
},
{
"name": "CVE-2025-59958",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59958"
},
{
"name": "CVE-2021-41043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41043"
},
{
"name": "CVE-2018-17244",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17244"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-39908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39908"
},
{
"name": "CVE-2025-26597",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26597"
},
{
"name": "CVE-2024-36971",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36971"
},
{
"name": "CVE-2023-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2603"
},
{
"name": "CVE-2024-41946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41946"
},
{
"name": "CVE-2023-3776",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3776"
},
{
"name": "CVE-2024-42934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42934"
},
{
"name": "CVE-2023-51580",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51580"
},
{
"name": "CVE-2024-35848",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35848"
},
{
"name": "CVE-2024-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27417"
},
{
"name": "CVE-2023-21102",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21102"
},
{
"name": "CVE-2024-27281",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27281"
},
{
"name": "CVE-2025-59983",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59983"
},
{
"name": "CVE-2024-36941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36941"
},
{
"name": "CVE-2024-2236",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2236"
},
{
"name": "CVE-2024-38428",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38428"
},
{
"name": "CVE-2024-35969",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35969"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2025-60006",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60006"
},
{
"name": "CVE-2024-36489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36489"
},
{
"name": "CVE-2015-1427",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1427"
},
{
"name": "CVE-2024-38575",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38575"
},
{
"name": "CVE-2024-35899",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35899"
},
{
"name": "CVE-2024-35823",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35823"
},
{
"name": "CVE-2024-40954",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40954"
},
{
"name": "CVE-2024-9632",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9632"
},
{
"name": "CVE-2023-38408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-38408"
},
{
"name": "CVE-2025-26595",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26595"
},
{
"name": "CVE-2024-26868",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26868"
},
{
"name": "CVE-2023-43787",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43787"
},
{
"name": "CVE-2023-43786",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43786"
},
{
"name": "CVE-2024-8235",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8235"
},
{
"name": "CVE-2023-4147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4147"
},
{
"name": "CVE-2025-59977",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59977"
},
{
"name": "CVE-2023-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6004"
},
{
"name": "CVE-2023-3610",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3610"
},
{
"name": "CVE-2025-26596",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26596"
},
{
"name": "CVE-2024-4603",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
},
{
"name": "CVE-2022-48622",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48622"
},
{
"name": "CVE-2021-42550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2024-26828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26828"
},
{
"name": "CVE-2025-59998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59998"
},
{
"name": "CVE-2024-26808",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26808"
},
{
"name": "CVE-2024-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30204"
},
{
"name": "CVE-2025-60002",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60002"
},
{
"name": "CVE-2023-35001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-35001"
},
{
"name": "CVE-2024-27282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27282"
},
{
"name": "CVE-2018-3831",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3831"
},
{
"name": "CVE-2023-43490",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-43490"
},
{
"name": "CVE-2025-59976",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59976"
},
{
"name": "CVE-2025-59980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59980"
},
{
"name": "CVE-2025-26599",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26599"
},
{
"name": "CVE-2024-47615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47615"
},
{
"name": "CVE-2018-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3823"
},
{
"name": "CVE-2023-22655",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22655"
},
{
"name": "CVE-2024-6126",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6126"
},
{
"name": "CVE-2023-4911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-4911"
},
{
"name": "CVE-2023-39368",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39368"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2024-26853",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26853"
},
{
"name": "CVE-2025-59975",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59975"
},
{
"name": "CVE-2025-0624",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0624"
},
{
"name": "CVE-2025-59987",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59987"
},
{
"name": "CVE-2024-40958",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40958"
},
{
"name": "CVE-2018-3826",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3826"
},
{
"name": "CVE-2025-26601",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26601"
},
{
"name": "CVE-2024-52337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52337"
},
{
"name": "CVE-2025-59985",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59985"
},
{
"name": "CVE-2025-11198",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11198"
},
{
"name": "CVE-2022-24806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24806"
},
{
"name": "CVE-2023-32233",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32233"
},
{
"name": "CVE-2024-35789",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35789"
},
{
"name": "CVE-2024-26327",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26327"
},
{
"name": "CVE-2015-3253",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
},
{
"name": "CVE-2025-59964",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59964"
},
{
"name": "CVE-2025-59988",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59988"
},
{
"name": "CVE-2024-21210",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21210"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-34397",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34397"
},
{
"name": "CVE-2023-45733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-45733"
},
{
"name": "CVE-2021-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40153"
},
{
"name": "CVE-2024-6655",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6655"
},
{
"name": "CVE-2024-41123",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41123"
},
{
"name": "CVE-2024-27049",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27049"
},
{
"name": "CVE-2025-59984",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59984"
},
{
"name": "CVE-2025-52961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52961"
},
{
"name": "CVE-2023-51589",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51589"
},
{
"name": "CVE-2024-21217",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21217"
},
{
"name": "CVE-2024-28182",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28182"
},
{
"name": "CVE-2021-3903",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3903"
},
{
"name": "CVE-2024-35800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35800"
},
{
"name": "CVE-2023-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2124"
},
{
"name": "CVE-2023-51596",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51596"
},
{
"name": "CVE-2025-60010",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60010"
},
{
"name": "CVE-2023-51764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51764"
},
{
"name": "CVE-2025-26594",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26594"
},
{
"name": "CVE-2024-6409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6409"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2022-24808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24808"
},
{
"name": "CVE-2025-59962",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59962"
},
{
"name": "CVE-2024-21208",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21208"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"initial_release_date": "2025-10-09T00:00:00",
"last_revision_date": "2025-10-09T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0855",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103140",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-XSS-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103141",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R4-release"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103163",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103168",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103171",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Reflected-client-side-HTTP-parameter-pollution-vulnerability-in-web-interface-CVE-2025-59977"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103167",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103156",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103437",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Security-Director-Policy-Enforcer-An-unrestricted-API-allows-a-network-based-unauthenticated-attacker-to-deploy-malicious-vSRX-images-to-VMWare-NSX-Server-CVE-2025-11198"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103172",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Flooding-device-with-inbound-API-calls-leads-to-WebUI-and-CLI-management-access-DoS-CVE-2025-59975"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103157",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-sensitive-resources-in-web-interface-CVE-2025-59968"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103170",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Arbitrary-file-download-vulnerability-in-web-interface-CVE-2025-59976"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103139",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103151",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103153",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103147",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103144",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103143",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103146",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103138",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-Space-Security-Director-Multiple-vulnerabilities-resolved-in-24-1R4-by-upgrading-Log4j-Java-library-to-2-23-1-and-ElasticSearch-to-6-8-17"
},
{
"published_at": "2025-10-08",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA103165",
"url": "https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004"
}
]
}
CERTFR-2025-AVI-0961
Vulnerability from certfr_avis - Published: 2025-11-04 - Updated: 2025-11-04
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | macOS | macOS Tahoe versions antérieures à 26.1 | ||
| Apple | iPadOS | iPadOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sequoia versions antérieures à 15.7.2 | ||
| Apple | Safari | Safari versions antérieures à 26.1 | ||
| Apple | Xcode | Xcode versions antérieures à 26.1 | ||
| Apple | watchOS | watchOS versions antérieures à 26.1 | ||
| Apple | iOS | iOS versions antérieures à 26.1 | ||
| Apple | tvOS | tvOS versions antérieures à 26.1 | ||
| Apple | macOS | macOS Sonoma versions antérieures à 14.8.2 | ||
| Apple | visionOS | visionOS versions antérieures à 26.1 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "macOS Tahoe versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iPadOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.7.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "Xcode",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "watchOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "iOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "tvOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.8.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "visionOS versions ant\u00e9rieures \u00e0 26.1",
"product": {
"name": "visionOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-43292",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43292"
},
{
"name": "CVE-2025-43505",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43505"
},
{
"name": "CVE-2025-43432",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43432"
},
{
"name": "CVE-2025-43372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43372"
},
{
"name": "CVE-2025-43426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43426"
},
{
"name": "CVE-2025-43480",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43480"
},
{
"name": "CVE-2025-43449",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43449"
},
{
"name": "CVE-2025-43348",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43348"
},
{
"name": "CVE-2025-43351",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43351"
},
{
"name": "CVE-2025-43373",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43373"
},
{
"name": "CVE-2025-43441",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43441"
},
{
"name": "CVE-2025-43443",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43443"
},
{
"name": "CVE-2025-43476",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43476"
},
{
"name": "CVE-2025-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30465"
},
{
"name": "CVE-2025-43448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43448"
},
{
"name": "CVE-2025-43497",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43497"
},
{
"name": "CVE-2025-43446",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43446"
},
{
"name": "CVE-2025-43500",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43500"
},
{
"name": "CVE-2025-43431",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43431"
},
{
"name": "CVE-2025-43452",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43452"
},
{
"name": "CVE-2025-43504",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43504"
},
{
"name": "CVE-2025-43467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43467"
},
{
"name": "CVE-2025-43496",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43496"
},
{
"name": "CVE-2025-43420",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43420"
},
{
"name": "CVE-2025-43450",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43450"
},
{
"name": "CVE-2025-43406",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43406"
},
{
"name": "CVE-2025-43402",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43402"
},
{
"name": "CVE-2025-43384",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43384"
},
{
"name": "CVE-2025-43434",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43434"
},
{
"name": "CVE-2025-43422",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43422"
},
{
"name": "CVE-2025-43503",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43503"
},
{
"name": "CVE-2025-43502",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43502"
},
{
"name": "CVE-2025-43440",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43440"
},
{
"name": "CVE-2024-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43398"
},
{
"name": "CVE-2025-43427",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43427"
},
{
"name": "CVE-2025-43394",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43394"
},
{
"name": "CVE-2025-43335",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43335"
},
{
"name": "CVE-2025-43458",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43458"
},
{
"name": "CVE-2025-43411",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43411"
},
{
"name": "CVE-2025-43469",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43469"
},
{
"name": "CVE-2025-43498",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43498"
},
{
"name": "CVE-2025-43424",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43424"
},
{
"name": "CVE-2025-43423",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43423"
},
{
"name": "CVE-2025-43472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43472"
},
{
"name": "CVE-2025-43459",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43459"
},
{
"name": "CVE-2025-43392",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43392"
},
{
"name": "CVE-2025-43462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43462"
},
{
"name": "CVE-2025-43401",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43401"
},
{
"name": "CVE-2025-43386",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43386"
},
{
"name": "CVE-2025-43493",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43493"
},
{
"name": "CVE-2025-43481",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43481"
},
{
"name": "CVE-2025-43405",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43405"
},
{
"name": "CVE-2025-43506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43506"
},
{
"name": "CVE-2025-43322",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43322"
},
{
"name": "CVE-2025-32462",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32462"
},
{
"name": "CVE-2025-43400",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43400"
},
{
"name": "CVE-2025-43468",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43468"
},
{
"name": "CVE-2025-43395",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43395"
},
{
"name": "CVE-2025-43421",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43421"
},
{
"name": "CVE-2025-43435",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43435"
},
{
"name": "CVE-2025-43464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43464"
},
{
"name": "CVE-2025-43442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43442"
},
{
"name": "CVE-2025-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43377"
},
{
"name": "CVE-2025-43438",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43438"
},
{
"name": "CVE-2025-43460",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43460"
},
{
"name": "CVE-2025-43429",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43429"
},
{
"name": "CVE-2025-43407",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43407"
},
{
"name": "CVE-2025-43334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43334"
},
{
"name": "CVE-2025-43414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43414"
},
{
"name": "CVE-2025-43385",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43385"
},
{
"name": "CVE-2025-43444",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43444"
},
{
"name": "CVE-2025-43404",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43404"
},
{
"name": "CVE-2025-43495",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43495"
},
{
"name": "CVE-2025-43465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43465"
},
{
"name": "CVE-2025-43461",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43461"
},
{
"name": "CVE-2025-43294",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43294"
},
{
"name": "CVE-2025-43390",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43390"
},
{
"name": "CVE-2025-43499",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43499"
},
{
"name": "CVE-2025-43350",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43350"
},
{
"name": "CVE-2025-43391",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43391"
},
{
"name": "CVE-2025-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43378"
},
{
"name": "CVE-2025-43473",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43473"
},
{
"name": "CVE-2025-43445",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43445"
},
{
"name": "CVE-2025-43338",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43338"
},
{
"name": "CVE-2025-43409",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43409"
},
{
"name": "CVE-2025-43399",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43399"
},
{
"name": "CVE-2025-43383",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43383"
},
{
"name": "CVE-2025-43474",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43474"
},
{
"name": "CVE-2025-43471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43471"
},
{
"name": "CVE-2025-43387",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43387"
},
{
"name": "CVE-2025-43479",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43479"
},
{
"name": "CVE-2025-43447",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43447"
},
{
"name": "CVE-2025-43477",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43477"
},
{
"name": "CVE-2025-43413",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43413"
},
{
"name": "CVE-2025-43507",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43507"
},
{
"name": "CVE-2025-43336",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43336"
},
{
"name": "CVE-2025-43433",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43433"
},
{
"name": "CVE-2025-43430",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43430"
},
{
"name": "CVE-2025-43337",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43337"
},
{
"name": "CVE-2025-43380",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43380"
},
{
"name": "CVE-2025-43397",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43397"
},
{
"name": "CVE-2025-43455",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43455"
},
{
"name": "CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"name": "CVE-2025-43412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43412"
},
{
"name": "CVE-2025-43388",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43388"
},
{
"name": "CVE-2025-43396",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43396"
},
{
"name": "CVE-2025-43454",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43454"
},
{
"name": "CVE-2025-43439",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43439"
},
{
"name": "CVE-2025-43381",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43381"
},
{
"name": "CVE-2025-43382",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43382"
},
{
"name": "CVE-2025-43466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43466"
},
{
"name": "CVE-2025-43364",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43364"
},
{
"name": "CVE-2025-43393",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43393"
},
{
"name": "CVE-2025-43389",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43389"
},
{
"name": "CVE-2025-43457",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43457"
},
{
"name": "CVE-2025-43361",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43361"
},
{
"name": "CVE-2025-43398",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43398"
},
{
"name": "CVE-2025-31199",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-31199"
},
{
"name": "CVE-2025-43408",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43408"
},
{
"name": "CVE-2025-43379",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43379"
},
{
"name": "CVE-2025-6442",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
},
{
"name": "CVE-2025-43425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43425"
},
{
"name": "CVE-2025-43478",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43478"
},
{
"name": "CVE-2025-43436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43436"
},
{
"name": "CVE-2024-49761",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49761"
},
{
"name": "CVE-2025-43463",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-43463"
}
],
"initial_release_date": "2025-11-04T00:00:00",
"last_revision_date": "2025-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0961",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125639",
"url": "https://support.apple.com/en-us/125639"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125640",
"url": "https://support.apple.com/en-us/125640"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125634",
"url": "https://support.apple.com/en-us/125634"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125632",
"url": "https://support.apple.com/en-us/125632"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125638",
"url": "https://support.apple.com/en-us/125638"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125635",
"url": "https://support.apple.com/en-us/125635"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125641",
"url": "https://support.apple.com/en-us/125641"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125636",
"url": "https://support.apple.com/en-us/125636"
},
{
"published_at": "2025-11-03",
"title": "Bulletin de s\u00e9curit\u00e9 Apple 125637",
"url": "https://support.apple.com/en-us/125637"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…