Vulnerability-Lookup

CVE-2023-0433 (GCVE-0-2023-0433)

Vulnerability from cvelistv5 – Published: 2023-01-21 00:00 – Updated: 2025-04-02 13:55

Title

Heap-based Buffer Overflow in vim/vim

Summary

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

Severity ?

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

@huntrdev

References

10 references

URL	Tags
https://huntr.dev/bounties/ae933869-a1ec-402a-bbe…
https://github.com/vim/vim/commit/11977f917506d95…
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
https://support.apple.com/kb/HT213677
https://support.apple.com/kb/HT213675
https://support.apple.com/kb/HT213670
http://seclists.org/fulldisclosure/2023/Mar/17	mailing-list
http://seclists.org/fulldisclosure/2023/Mar/18	mailing-list
http://seclists.org/fulldisclosure/2023/Mar/21	mailing-list

Impacted products

1 product

Vendor	Product	Version
vim	vim/vim	Affected: unspecified , < 9.0.1225 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:10:56.313Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
          },
          {
            "name": "FEDORA-2023-2db4df65c3",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
          },
          {
            "name": "FEDORA-2023-93fb5b08eb",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213677"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213675"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213670"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-0433",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-02T13:55:07.797851Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-02T13:55:39.895Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "vim/vim",
          "vendor": "vim",
          "versions": [
            {
              "lessThan": "9.0.1225",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-28T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
        },
        {
          "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
        },
        {
          "name": "FEDORA-2023-2db4df65c3",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
        },
        {
          "name": "FEDORA-2023-93fb5b08eb",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
        },
        {
          "url": "https://support.apple.com/kb/HT213677"
        },
        {
          "url": "https://support.apple.com/kb/HT213675"
        },
        {
          "url": "https://support.apple.com/kb/HT213670"
        },
        {
          "name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
        },
        {
          "name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
        },
        {
          "name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
        }
      ],
      "source": {
        "advisory": "ae933869-a1ec-402a-bbea-d51764c6618e",
        "discovery": "EXTERNAL"
      },
      "title": "Heap-based Buffer Overflow in vim/vim"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2023-0433",
    "datePublished": "2023-01-21T00:00:00.000Z",
    "dateReserved": "2023-01-21T00:00:00.000Z",
    "dateUpdated": "2025-04-02T13:55:39.895Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-0433",
      "date": "2026-05-19",
      "epss": "0.00042",
      "percentile": "0.12659"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"9.0.1225\", \"matchCriteriaId\": \"220F342C-2B9D-4371-BD43-BED77B7E99BA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer de almacenamiento din\\u00e1mico en el repositorio de GitHub vim/vim anterior a 9.0.1225.\"}]",
      "id": "CVE-2023-0433",
      "lastModified": "2024-11-21T07:37:10.260",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"security@huntr.dev\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2023-01-21T15:15:10.153",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/17\", \"source\": \"security@huntr.dev\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/18\", \"source\": \"security@huntr.dev\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/21\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\", \"source\": \"security@huntr.dev\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\", \"source\": \"security@huntr.dev\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://support.apple.com/kb/HT213670\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://support.apple.com/kb/HT213675\", \"source\": \"security@huntr.dev\"}, {\"url\": \"https://support.apple.com/kb/HT213677\", \"source\": \"security@huntr.dev\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT213670\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT213675\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT213677\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security@huntr.dev",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security@huntr.dev\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-0433\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2023-01-21T15:15:10.153\",\"lastModified\":\"2024-11-21T07:37:10.260\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el repositorio de GitHub vim/vim anterior a 9.0.1225.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"9.0.1225\",\"matchCriteriaId\":\"220F342C-2B9D-4371-BD43-BED77B7E99BA\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/17\",\"source\":\"security@huntr.dev\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/18\",\"source\":\"security@huntr.dev\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/21\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\",\"source\":\"security@huntr.dev\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\",\"source\":\"security@huntr.dev\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://support.apple.com/kb/HT213670\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://support.apple.com/kb/HT213675\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://support.apple.com/kb/HT213677\",\"source\":\"security@huntr.dev\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2023/Mar/21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT213677\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\", \"name\": \"FEDORA-2023-2db4df65c3\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\", \"name\": \"FEDORA-2023-93fb5b08eb\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213677\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213675\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.apple.com/kb/HT213670\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/17\", \"name\": \"20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/18\", \"name\": \"20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/21\", \"name\": \"20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5\", \"tags\": [\"mailing-list\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T05:10:56.313Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-0433\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-02T13:55:07.797851Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-02T13:55:20.358Z\"}}], \"cna\": {\"title\": \"Heap-based Buffer Overflow in vim/vim\", \"source\": {\"advisory\": \"ae933869-a1ec-402a-bbea-d51764c6618e\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"vim\", \"product\": \"vim/vim\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"9.0.1225\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e\"}, {\"url\": \"https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/\", \"name\": \"FEDORA-2023-2db4df65c3\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/\", \"name\": \"FEDORA-2023-93fb5b08eb\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT213677\"}, {\"url\": \"https://support.apple.com/kb/HT213675\"}, {\"url\": \"https://support.apple.com/kb/HT213670\"}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/17\", \"name\": \"20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/18\", \"name\": \"20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2023/Mar/21\", \"name\": \"20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5\", \"tags\": [\"mailing-list\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"shortName\": \"@huntrdev\", \"dateUpdated\": \"2023-03-28T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-0433\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-02T13:55:39.895Z\", \"dateReserved\": \"2023-01-21T00:00:00.000Z\", \"assignerOrgId\": \"c09c270a-b464-47c1-9133-acb35b22c19a\", \"datePublished\": \"2023-01-21T00:00:00.000Z\", \"assignerShortName\": \"@huntrdev\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2023-AVI-0265

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance, une élévation de privilèges, un contournement de la politique de sécurité, un problème de sécurité non spécifié par l'éditeur et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS et iPadOS versions 16.x antérieures à 16.4
Apple	N/A	Apple watchOS versions antérieures à 9.4
Apple	N/A	Apple Studio Display Firmware versions antérieures à 16.4
Apple	macOS	Apple macOS Ventura versions antérieures à 13.3
Apple	macOS	Apple macOS Big Sur versions antérieures à 11.7.5
Apple	N/A	Apple iOS et iPadOS versions 15.x.x antérieures à 15.7.4
Apple	Safari	Apple Safari versions antérieures à 16.4
Apple	N/A	Apple tvOS versions antérieures à 16.4
Apple	macOS	Apple macOS Monterey antérieures à 12.6.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213674 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213673 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213678 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213675 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213677 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213671 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213672 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213676 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213670 du 27 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS et iPadOS versions 16.x ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Studio Display Firmware versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Ventura versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS et iPadOS versions 15.x.x ant\u00e9rieures \u00e0 15.7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Monterey ant\u00e9rieures \u00e0 12.6.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-27952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
    },
    {
      "name": "CVE-2023-27937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27937"
    },
    {
      "name": "CVE-2023-27941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27941"
    },
    {
      "name": "CVE-2023-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28182"
    },
    {
      "name": "CVE-2023-23538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23538"
    },
    {
      "name": "CVE-2022-26702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
    },
    {
      "name": "CVE-2023-23514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
    },
    {
      "name": "CVE-2023-27942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27942"
    },
    {
      "name": "CVE-2023-23541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23541"
    },
    {
      "name": "CVE-2023-27931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27931"
    },
    {
      "name": "CVE-2023-27933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27933"
    },
    {
      "name": "CVE-2023-27963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27963"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2023-23533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23533"
    },
    {
      "name": "CVE-2023-23542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23542"
    },
    {
      "name": "CVE-2023-27970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27970"
    },
    {
      "name": "CVE-2023-27944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27944"
    },
    {
      "name": "CVE-2023-23534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23534"
    },
    {
      "name": "CVE-2023-23525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23525"
    },
    {
      "name": "CVE-2023-27965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27965"
    },
    {
      "name": "CVE-2023-23528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23528"
    },
    {
      "name": "CVE-2023-27936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27936"
    },
    {
      "name": "CVE-2023-23532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23532"
    },
    {
      "name": "CVE-2023-28190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28190"
    },
    {
      "name": "CVE-2023-27961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27961"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2023-23535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23535"
    },
    {
      "name": "CVE-2023-23537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23537"
    },
    {
      "name": "CVE-2023-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28180"
    },
    {
      "name": "CVE-2023-27957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27957"
    },
    {
      "name": "CVE-2023-27935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27935"
    },
    {
      "name": "CVE-2023-23526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23526"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2023-27953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27953"
    },
    {
      "name": "CVE-2023-23494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23494"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2023-27958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27958"
    },
    {
      "name": "CVE-2023-28192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28192"
    },
    {
      "name": "CVE-2023-27969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27969"
    },
    {
      "name": "CVE-2023-28178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28178"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2023-23543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23543"
    },
    {
      "name": "CVE-2023-28200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28200"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2023-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27932"
    },
    {
      "name": "CVE-2023-27951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27951"
    },
    {
      "name": "CVE-2023-27955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27955"
    },
    {
      "name": "CVE-2023-27934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27934"
    },
    {
      "name": "CVE-2023-23529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
    },
    {
      "name": "CVE-2023-27943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27943"
    },
    {
      "name": "CVE-2023-27959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27959"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2023-27949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27949"
    },
    {
      "name": "CVE-2023-27968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27968"
    },
    {
      "name": "CVE-2023-27946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27946"
    },
    {
      "name": "CVE-2023-27962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27962"
    },
    {
      "name": "CVE-2023-27956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27956"
    },
    {
      "name": "CVE-2023-28194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28194"
    },
    {
      "name": "CVE-2023-23527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23527"
    },
    {
      "name": "CVE-2023-27928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27928"
    },
    {
      "name": "CVE-2023-27929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27929"
    },
    {
      "name": "CVE-2023-27954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27954"
    },
    {
      "name": "CVE-2023-23540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23540"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-23523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23523"
    },
    {
      "name": "CVE-2023-28181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28181"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0\ndistance, une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la politique\nde s\u00e9curit\u00e9, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213674 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213674"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213673 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213673"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213678 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213675 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213675"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213677 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213671 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213671"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213672 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213676 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213676"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213670 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213670"
    }
  ]
}

CERTFR-2025-AVI-0585

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 8.1.2
VMware	Tanzu	Tanzu pour Postgres sur Kubernetes versions antérieures à 4.2.1
VMware	Tanzu	Tanzu Greenplum versions antérieures à 6.30.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35935	2025-07-11	vendor-advisory
Bulletin de sécurité VMware 35934	2025-07-10	vendor-advisory
Bulletin de sécurité VMware 35931	2025-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2023-1175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
    },
    {
      "name": "CVE-2022-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
    },
    {
      "name": "CVE-2022-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-4504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
    },
    {
      "name": "CVE-2022-2874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2024-7531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
    },
    {
      "name": "CVE-2021-25317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2023-48237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
    },
    {
      "name": "CVE-2022-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
    },
    {
      "name": "CVE-2023-48706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
    },
    {
      "name": "CVE-2022-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
    },
    {
      "name": "CVE-2023-7216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
    },
    {
      "name": "CVE-2024-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
    },
    {
      "name": "CVE-2021-31535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
    },
    {
      "name": "CVE-2022-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
    },
    {
      "name": "CVE-2022-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
    },
    {
      "name": "CVE-2022-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
    },
    {
      "name": "CVE-2023-5441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
    },
    {
      "name": "CVE-2022-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
    },
    {
      "name": "CVE-2022-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
    },
    {
      "name": "CVE-2022-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
    },
    {
      "name": "CVE-2022-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
    },
    {
      "name": "CVE-2022-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2020-12413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2023-48235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2024-43374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
    },
    {
      "name": "CVE-2023-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
    },
    {
      "name": "CVE-2023-48231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
    },
    {
      "name": "CVE-2023-2609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2023-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
    },
    {
      "name": "CVE-2022-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
    },
    {
      "name": "CVE-2024-45306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
    },
    {
      "name": "CVE-2023-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2023-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2015-1197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
    },
    {
      "name": "CVE-2023-48233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
    },
    {
      "name": "CVE-2024-29040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
    },
    {
      "name": "CVE-2017-1000383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2022-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-1264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
    },
    {
      "name": "CVE-2022-4293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
    },
    {
      "name": "CVE-2025-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2022-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2021-3973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2022-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
    },
    {
      "name": "CVE-2022-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2022-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
    },
    {
      "name": "CVE-2022-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
    },
    {
      "name": "CVE-2024-41965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
    },
    {
      "name": "CVE-2022-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2022-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
    },
    {
      "name": "CVE-2022-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2023-48236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-47814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
    },
    {
      "name": "CVE-2022-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2024-53920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
    },
    {
      "name": "CVE-2022-2286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2022-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2025-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
    },
    {
      "name": "CVE-2025-24014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2022-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
    },
    {
      "name": "CVE-2021-45261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
    },
    {
      "name": "CVE-2022-2210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
    },
    {
      "name": "CVE-2023-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
    },
    {
      "name": "CVE-2023-2610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
    },
    {
      "name": "CVE-2025-29768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2023-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2022-4292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-22134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
    },
    {
      "name": "CVE-2025-1215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
    },
    {
      "name": "CVE-2023-48232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
    },
    {
      "name": "CVE-2022-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
    },
    {
      "name": "CVE-2022-2129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
    },
    {
      "name": "CVE-2023-48234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-46246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
    },
    {
      "name": "CVE-2025-27151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
    },
    {
      "name": "CVE-2024-43802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2025-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
    },
    {
      "name": "CVE-2022-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2022-3278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
    },
    {
      "name": "CVE-2022-2206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2023-7207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2022-4141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2021-33430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2023-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0585",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
    },
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
    },
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
    }
  ]
}

CERTFR-2025-AVI-0693

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions 8.1.x antérieures à 8.1.3
VMware	Tanzu	Tanzu pour Valkey versions 8.0.x antérieures à 8.0.4
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 3.0.0
VMware	Tanzu	Tanzu pour Valkey versions 7.2.x antérieures à 7.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36036	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36035	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36038	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36037	2025-08-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2022-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
    },
    {
      "name": "CVE-2022-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
    },
    {
      "name": "CVE-2022-2874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2025-7545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2022-47008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
    },
    {
      "name": "CVE-2023-48237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
    },
    {
      "name": "CVE-2022-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
    },
    {
      "name": "CVE-2023-48706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2022-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
    },
    {
      "name": "CVE-2022-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2022-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
    },
    {
      "name": "CVE-2022-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
    },
    {
      "name": "CVE-2023-5441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2022-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
    },
    {
      "name": "CVE-2023-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
    },
    {
      "name": "CVE-2022-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
    },
    {
      "name": "CVE-2022-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2022-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
    },
    {
      "name": "CVE-2022-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2023-48235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2024-43374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
    },
    {
      "name": "CVE-2022-47007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2023-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
    },
    {
      "name": "CVE-2023-48231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
    },
    {
      "name": "CVE-2023-2609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
    },
    {
      "name": "CVE-2025-53905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
    },
    {
      "name": "CVE-2021-45078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
    },
    {
      "name": "CVE-2023-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2023-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
    },
    {
      "name": "CVE-2022-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2024-45306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
    },
    {
      "name": "CVE-2023-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
    },
    {
      "name": "CVE-2025-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2025-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2023-48233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-44840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
    },
    {
      "name": "CVE-2022-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
    },
    {
      "name": "CVE-2024-29040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
    },
    {
      "name": "CVE-2022-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-1264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
    },
    {
      "name": "CVE-2022-4293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
    },
    {
      "name": "CVE-2025-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
    },
    {
      "name": "CVE-2022-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2021-3973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2022-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
    },
    {
      "name": "CVE-2022-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2022-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
    },
    {
      "name": "CVE-2022-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
    },
    {
      "name": "CVE-2024-41965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
    },
    {
      "name": "CVE-2022-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2022-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
    },
    {
      "name": "CVE-2022-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2023-48236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-47814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
    },
    {
      "name": "CVE-2022-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2022-2286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
    },
    {
      "name": "CVE-2025-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
    },
    {
      "name": "CVE-2021-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
    },
    {
      "name": "CVE-2022-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
    },
    {
      "name": "CVE-2024-25260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2025-24014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
    },
    {
      "name": "CVE-2022-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
    },
    {
      "name": "CVE-2022-2210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2025-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2023-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
    },
    {
      "name": "CVE-2023-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
    },
    {
      "name": "CVE-2023-2610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
    },
    {
      "name": "CVE-2025-29768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2023-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2023-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2022-47010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-57360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
    },
    {
      "name": "CVE-2022-4292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
    },
    {
      "name": "CVE-2025-22134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
    },
    {
      "name": "CVE-2025-1215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2023-48232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
    },
    {
      "name": "CVE-2022-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2022-2129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
    },
    {
      "name": "CVE-2023-48234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
    },
    {
      "name": "CVE-2025-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-46246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
    },
    {
      "name": "CVE-2024-43802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
    },
    {
      "name": "CVE-2025-5245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2022-47011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
    },
    {
      "name": "CVE-2022-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
    },
    {
      "name": "CVE-2025-53906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2025-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
    },
    {
      "name": "CVE-2022-3278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
    },
    {
      "name": "CVE-2022-2206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2022-38533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2025-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2022-4141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2021-20197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
    },
    {
      "name": "CVE-2025-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
    },
    {
      "name": "CVE-2025-7546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
    },
    {
      "name": "CVE-2023-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2023-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0693",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
    }
  ]
}

CERTFR-2023-AVI-0265

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple iOS et iPadOS versions 16.x antérieures à 16.4
Apple	N/A	Apple watchOS versions antérieures à 9.4
Apple	N/A	Apple Studio Display Firmware versions antérieures à 16.4
Apple	macOS	Apple macOS Ventura versions antérieures à 13.3
Apple	macOS	Apple macOS Big Sur versions antérieures à 11.7.5
Apple	N/A	Apple iOS et iPadOS versions 15.x.x antérieures à 15.7.4
Apple	Safari	Apple Safari versions antérieures à 16.4
Apple	N/A	Apple tvOS versions antérieures à 16.4
Apple	macOS	Apple macOS Monterey antérieures à 12.6.4

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT213674 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213673 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213678 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213675 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213677 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213671 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213672 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213676 du 27 mars 2023	None	vendor-advisory
Bulletin de sécurité Apple HT213670 du 27 mars 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple iOS et iPadOS versions 16.x ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Studio Display Firmware versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Ventura versions ant\u00e9rieures \u00e0 13.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Big Sur versions ant\u00e9rieures \u00e0 11.7.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS et iPadOS versions 15.x.x ant\u00e9rieures \u00e0 15.7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 16.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple macOS Monterey ant\u00e9rieures \u00e0 12.6.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-27952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27952"
    },
    {
      "name": "CVE-2023-27937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27937"
    },
    {
      "name": "CVE-2023-27941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27941"
    },
    {
      "name": "CVE-2023-28182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28182"
    },
    {
      "name": "CVE-2023-23538",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23538"
    },
    {
      "name": "CVE-2022-26702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26702"
    },
    {
      "name": "CVE-2023-23514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23514"
    },
    {
      "name": "CVE-2023-27942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27942"
    },
    {
      "name": "CVE-2023-23541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23541"
    },
    {
      "name": "CVE-2023-27931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27931"
    },
    {
      "name": "CVE-2023-27933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27933"
    },
    {
      "name": "CVE-2023-27963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27963"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2023-23533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23533"
    },
    {
      "name": "CVE-2023-23542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23542"
    },
    {
      "name": "CVE-2023-27970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27970"
    },
    {
      "name": "CVE-2023-27944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27944"
    },
    {
      "name": "CVE-2023-23534",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23534"
    },
    {
      "name": "CVE-2023-23525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23525"
    },
    {
      "name": "CVE-2023-27965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27965"
    },
    {
      "name": "CVE-2023-23528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23528"
    },
    {
      "name": "CVE-2023-27936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27936"
    },
    {
      "name": "CVE-2023-23532",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23532"
    },
    {
      "name": "CVE-2023-28190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28190"
    },
    {
      "name": "CVE-2023-27961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27961"
    },
    {
      "name": "CVE-2022-43552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552"
    },
    {
      "name": "CVE-2023-23535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23535"
    },
    {
      "name": "CVE-2023-23537",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23537"
    },
    {
      "name": "CVE-2023-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28180"
    },
    {
      "name": "CVE-2023-27957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27957"
    },
    {
      "name": "CVE-2023-27935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27935"
    },
    {
      "name": "CVE-2023-23526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23526"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2023-27953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27953"
    },
    {
      "name": "CVE-2023-23494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23494"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2023-27958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27958"
    },
    {
      "name": "CVE-2023-28192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28192"
    },
    {
      "name": "CVE-2023-27969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27969"
    },
    {
      "name": "CVE-2023-28178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28178"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2023-23543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23543"
    },
    {
      "name": "CVE-2023-28200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28200"
    },
    {
      "name": "CVE-2022-43551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
    },
    {
      "name": "CVE-2023-27932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27932"
    },
    {
      "name": "CVE-2023-27951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27951"
    },
    {
      "name": "CVE-2023-27955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27955"
    },
    {
      "name": "CVE-2023-27934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27934"
    },
    {
      "name": "CVE-2023-23529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23529"
    },
    {
      "name": "CVE-2023-27943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27943"
    },
    {
      "name": "CVE-2023-27959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27959"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2023-27949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27949"
    },
    {
      "name": "CVE-2023-27968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27968"
    },
    {
      "name": "CVE-2023-27946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27946"
    },
    {
      "name": "CVE-2023-27962",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27962"
    },
    {
      "name": "CVE-2023-27956",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27956"
    },
    {
      "name": "CVE-2023-28194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28194"
    },
    {
      "name": "CVE-2023-23527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23527"
    },
    {
      "name": "CVE-2023-27928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27928"
    },
    {
      "name": "CVE-2023-27929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27929"
    },
    {
      "name": "CVE-2023-27954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27954"
    },
    {
      "name": "CVE-2023-23540",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23540"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-23523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23523"
    },
    {
      "name": "CVE-2023-28181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28181"
    }
  ],
  "links": [],
  "reference": "CERTFR-2023-AVI-0265",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits \u003cspan\nclass=\"textit\"\u003eApple\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code arbitraire \u00e0\ndistance, une \u00e9l\u00e9vation de privil\u00e8ges, un contournement de la politique\nde s\u00e9curit\u00e9, un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213674 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213674"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213673 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213673"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213678 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213678"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213675 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213675"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213677 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213677"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213671 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213671"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213672 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213672"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213676 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213676"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT213670 du 27 mars 2023",
      "url": "https://support.apple.com/en-us/HT213670"
    }
  ]
}

CERTFR-2025-AVI-0585

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 8.1.2
VMware	Tanzu	Tanzu pour Postgres sur Kubernetes versions antérieures à 4.2.1
VMware	Tanzu	Tanzu Greenplum versions antérieures à 6.30.0

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 35935	2025-07-11	vendor-advisory
Bulletin de sécurité VMware 35934	2025-07-10	vendor-advisory
Bulletin de sécurité VMware 35931	2025-07-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 8.1.2",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": " Tanzu pour Postgres sur Kubernetes versions ant\u00e9rieures \u00e0 4.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Greenplum versions ant\u00e9rieures \u00e0 6.30.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31651"
    },
    {
      "name": "CVE-2023-1175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
    },
    {
      "name": "CVE-2022-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
    },
    {
      "name": "CVE-2022-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
    },
    {
      "name": "CVE-2024-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-37891"
    },
    {
      "name": "CVE-2023-4504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4504"
    },
    {
      "name": "CVE-2022-2874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2024-7531",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7531"
    },
    {
      "name": "CVE-2021-25317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25317"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2023-48237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
    },
    {
      "name": "CVE-2022-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
    },
    {
      "name": "CVE-2023-48706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
    },
    {
      "name": "CVE-2022-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
    },
    {
      "name": "CVE-2023-7216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7216"
    },
    {
      "name": "CVE-2024-52615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52615"
    },
    {
      "name": "CVE-2021-31535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31535"
    },
    {
      "name": "CVE-2022-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
    },
    {
      "name": "CVE-2022-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
    },
    {
      "name": "CVE-2022-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
    },
    {
      "name": "CVE-2023-5441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
    },
    {
      "name": "CVE-2022-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
    },
    {
      "name": "CVE-2022-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
    },
    {
      "name": "CVE-2022-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
    },
    {
      "name": "CVE-2022-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
    },
    {
      "name": "CVE-2022-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2020-12413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12413"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2023-48235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2024-43374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
    },
    {
      "name": "CVE-2023-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
    },
    {
      "name": "CVE-2023-48231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
    },
    {
      "name": "CVE-2023-2609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2023-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
    },
    {
      "name": "CVE-2022-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
    },
    {
      "name": "CVE-2024-45306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
    },
    {
      "name": "CVE-2023-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2023-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2015-1197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1197"
    },
    {
      "name": "CVE-2023-48233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
    },
    {
      "name": "CVE-2024-29040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
    },
    {
      "name": "CVE-2017-1000383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000383"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2022-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-1264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
    },
    {
      "name": "CVE-2022-4293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
    },
    {
      "name": "CVE-2025-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2022-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2021-3973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2022-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
    },
    {
      "name": "CVE-2022-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
    },
    {
      "name": "CVE-2025-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4565"
    },
    {
      "name": "CVE-2022-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
    },
    {
      "name": "CVE-2022-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
    },
    {
      "name": "CVE-2024-41965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
    },
    {
      "name": "CVE-2022-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2022-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
    },
    {
      "name": "CVE-2022-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2023-48236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-47814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
    },
    {
      "name": "CVE-2022-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2024-53920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53920"
    },
    {
      "name": "CVE-2022-2286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
    },
    {
      "name": "CVE-2023-45803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45803"
    },
    {
      "name": "CVE-2022-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2025-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31344"
    },
    {
      "name": "CVE-2025-24014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
    },
    {
      "name": "CVE-2024-35195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35195"
    },
    {
      "name": "CVE-2022-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
    },
    {
      "name": "CVE-2021-45261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45261"
    },
    {
      "name": "CVE-2022-42889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-42889"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
    },
    {
      "name": "CVE-2022-2210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2023-43804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43804"
    },
    {
      "name": "CVE-2023-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
    },
    {
      "name": "CVE-2023-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
    },
    {
      "name": "CVE-2023-2610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
    },
    {
      "name": "CVE-2025-29768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2023-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2022-4292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-22134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
    },
    {
      "name": "CVE-2025-1215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
    },
    {
      "name": "CVE-2023-48232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
    },
    {
      "name": "CVE-2022-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
    },
    {
      "name": "CVE-2022-2129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
    },
    {
      "name": "CVE-2023-48234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-46246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
    },
    {
      "name": "CVE-2025-27151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27151"
    },
    {
      "name": "CVE-2024-43802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
    },
    {
      "name": "CVE-2025-46701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2025-52968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52968"
    },
    {
      "name": "CVE-2022-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2022-3278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
    },
    {
      "name": "CVE-2022-2206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
    },
    {
      "name": "CVE-2024-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3651"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2023-7207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7207"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2025-31650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31650"
    },
    {
      "name": "CVE-2022-4141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2023-32681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32681"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2021-34141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34141"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2021-33430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33430"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
    },
    {
      "name": "CVE-2017-6519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6519"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2023-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0585",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-07-11",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35935",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35935"
    },
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35934",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35934"
    },
    {
      "published_at": "2025-07-10",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 35931",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35931"
    }
  ]
}

CERTFR-2025-AVI-0693

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans VMware Tanzu. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu	Tanzu pour Valkey versions 8.1.x antérieures à 8.1.3
VMware	Tanzu	Tanzu pour Valkey versions 8.0.x antérieures à 8.0.4
VMware	Tanzu	Tanzu pour Valkey versions antérieures à 3.0.0
VMware	Tanzu	Tanzu pour Valkey versions 7.2.x antérieures à 7.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36036	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36035	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36038	2025-08-14	vendor-advisory
Bulletin de sécurité VMware 36037	2025-08-14	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tanzu pour Valkey versions 8.1.x ant\u00e9rieures \u00e0 8.1.3",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 8.0.x ant\u00e9rieures \u00e0 8.0.4",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions ant\u00e9rieures \u00e0 3.0.0",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu pour Valkey versions 7.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-1175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1175"
    },
    {
      "name": "CVE-2024-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11168"
    },
    {
      "name": "CVE-2022-2817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2817"
    },
    {
      "name": "CVE-2022-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2182"
    },
    {
      "name": "CVE-2022-2874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2874"
    },
    {
      "name": "CVE-2025-25724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25724"
    },
    {
      "name": "CVE-2025-7545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7545"
    },
    {
      "name": "CVE-2021-3968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3968"
    },
    {
      "name": "CVE-2022-47008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47008"
    },
    {
      "name": "CVE-2023-48237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48237"
    },
    {
      "name": "CVE-2022-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2344"
    },
    {
      "name": "CVE-2023-48706",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48706"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2022-3016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3016"
    },
    {
      "name": "CVE-2022-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2285"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2022-2208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2208"
    },
    {
      "name": "CVE-2022-2982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2982"
    },
    {
      "name": "CVE-2023-5441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5441"
    },
    {
      "name": "CVE-2024-12797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
    },
    {
      "name": "CVE-2022-2287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2287"
    },
    {
      "name": "CVE-2023-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4752"
    },
    {
      "name": "CVE-2022-3153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3153"
    },
    {
      "name": "CVE-2022-2946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2946"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2022-2862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2862"
    },
    {
      "name": "CVE-2022-2889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2889"
    },
    {
      "name": "CVE-2021-4173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4173"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-49794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49794"
    },
    {
      "name": "CVE-2023-48235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48235"
    },
    {
      "name": "CVE-2023-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0051"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2024-43374",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43374"
    },
    {
      "name": "CVE-2022-47007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47007"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-24528",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24528"
    },
    {
      "name": "CVE-2024-41957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41957"
    },
    {
      "name": "CVE-2024-56171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171"
    },
    {
      "name": "CVE-2023-4781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4781"
    },
    {
      "name": "CVE-2023-48231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48231"
    },
    {
      "name": "CVE-2023-2609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2609"
    },
    {
      "name": "CVE-2025-53905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
    },
    {
      "name": "CVE-2021-45078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45078"
    },
    {
      "name": "CVE-2023-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2222"
    },
    {
      "name": "CVE-2022-3324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3324"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2023-1170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1170"
    },
    {
      "name": "CVE-2022-2257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2257"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2024-45306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45306"
    },
    {
      "name": "CVE-2023-4751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4751"
    },
    {
      "name": "CVE-2021-4136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4136"
    },
    {
      "name": "CVE-2022-49043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043"
    },
    {
      "name": "CVE-2023-4738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4738"
    },
    {
      "name": "CVE-2025-1371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1371"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2021-3928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3928"
    },
    {
      "name": "CVE-2025-1152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1152"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2023-48233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48233"
    },
    {
      "name": "CVE-2022-2042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2042"
    },
    {
      "name": "CVE-2022-44840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44840"
    },
    {
      "name": "CVE-2022-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2183"
    },
    {
      "name": "CVE-2024-29040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-29040"
    },
    {
      "name": "CVE-2025-47268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47268"
    },
    {
      "name": "CVE-2022-2304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2304"
    },
    {
      "name": "CVE-2022-2819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2819"
    },
    {
      "name": "CVE-2022-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3705"
    },
    {
      "name": "CVE-2023-1264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1264"
    },
    {
      "name": "CVE-2022-4293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4293"
    },
    {
      "name": "CVE-2025-26603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26603"
    },
    {
      "name": "CVE-2022-3234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3234"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2022-2126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2126"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2021-3973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3973"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2021-4166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4166"
    },
    {
      "name": "CVE-2025-1795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1795"
    },
    {
      "name": "CVE-2022-3256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3256"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2022-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2343"
    },
    {
      "name": "CVE-2022-2849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2849"
    },
    {
      "name": "CVE-2025-48964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48964"
    },
    {
      "name": "CVE-2022-3235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3235"
    },
    {
      "name": "CVE-2022-2980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2980"
    },
    {
      "name": "CVE-2024-41965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41965"
    },
    {
      "name": "CVE-2022-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3134"
    },
    {
      "name": "CVE-2023-0512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0512"
    },
    {
      "name": "CVE-2022-2175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2175"
    },
    {
      "name": "CVE-2022-3297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3297"
    },
    {
      "name": "CVE-2022-0213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0213"
    },
    {
      "name": "CVE-2022-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1616"
    },
    {
      "name": "CVE-2023-48236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48236"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-47814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47814"
    },
    {
      "name": "CVE-2022-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2923"
    },
    {
      "name": "CVE-2025-6020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
    },
    {
      "name": "CVE-2022-2284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2284"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2022-2286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2286"
    },
    {
      "name": "CVE-2025-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1377"
    },
    {
      "name": "CVE-2021-3826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3826"
    },
    {
      "name": "CVE-2022-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3352"
    },
    {
      "name": "CVE-2024-25260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25260"
    },
    {
      "name": "CVE-2023-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0054"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2025-24014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24014"
    },
    {
      "name": "CVE-2019-12900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
    },
    {
      "name": "CVE-2021-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32256"
    },
    {
      "name": "CVE-2022-3296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3296"
    },
    {
      "name": "CVE-2025-4802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4802"
    },
    {
      "name": "CVE-2023-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0433"
    },
    {
      "name": "CVE-2022-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2345"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2021-3974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3974"
    },
    {
      "name": "CVE-2022-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2845"
    },
    {
      "name": "CVE-2022-2210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2210"
    },
    {
      "name": "CVE-2022-1725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1725"
    },
    {
      "name": "CVE-2025-1376",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1376"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2023-4735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4735"
    },
    {
      "name": "CVE-2023-4734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4734"
    },
    {
      "name": "CVE-2023-2610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2610"
    },
    {
      "name": "CVE-2025-29768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29768"
    },
    {
      "name": "CVE-2022-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1620"
    },
    {
      "name": "CVE-2023-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5535"
    },
    {
      "name": "CVE-2024-10041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
    },
    {
      "name": "CVE-2023-1972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1972"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2022-47010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47010"
    },
    {
      "name": "CVE-2022-1720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1720"
    },
    {
      "name": "CVE-2024-10963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10963"
    },
    {
      "name": "CVE-2024-57360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-57360"
    },
    {
      "name": "CVE-2022-4292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4292"
    },
    {
      "name": "CVE-2025-22134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22134"
    },
    {
      "name": "CVE-2025-1215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1215"
    },
    {
      "name": "CVE-2024-0397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0397"
    },
    {
      "name": "CVE-2023-48232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48232"
    },
    {
      "name": "CVE-2022-2522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2522"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2022-2129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2129"
    },
    {
      "name": "CVE-2023-48234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48234"
    },
    {
      "name": "CVE-2025-1150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1150"
    },
    {
      "name": "CVE-2025-6021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6021"
    },
    {
      "name": "CVE-2022-0351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0351"
    },
    {
      "name": "CVE-2024-22667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-22667"
    },
    {
      "name": "CVE-2023-46246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46246"
    },
    {
      "name": "CVE-2024-43802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-43802"
    },
    {
      "name": "CVE-2025-5245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5245"
    },
    {
      "name": "CVE-2025-5702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5702"
    },
    {
      "name": "CVE-2023-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0288"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2022-47011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47011"
    },
    {
      "name": "CVE-2022-3037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3037"
    },
    {
      "name": "CVE-2025-53906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
    },
    {
      "name": "CVE-2022-1674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1674"
    },
    {
      "name": "CVE-2025-1153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1153"
    },
    {
      "name": "CVE-2022-3278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3278"
    },
    {
      "name": "CVE-2022-2206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2206"
    },
    {
      "name": "CVE-2024-12243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12243"
    },
    {
      "name": "CVE-2022-2124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2124"
    },
    {
      "name": "CVE-2025-24928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928"
    },
    {
      "name": "CVE-2025-0395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0395"
    },
    {
      "name": "CVE-2022-38533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38533"
    },
    {
      "name": "CVE-2022-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1619"
    },
    {
      "name": "CVE-2025-3198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3198"
    },
    {
      "name": "CVE-2025-49796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49796"
    },
    {
      "name": "CVE-2022-4141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4141"
    },
    {
      "name": "CVE-2022-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3099"
    },
    {
      "name": "CVE-2021-4187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4187"
    },
    {
      "name": "CVE-2021-3927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3927"
    },
    {
      "name": "CVE-2021-20197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20197"
    },
    {
      "name": "CVE-2025-1151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1151"
    },
    {
      "name": "CVE-2025-7546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7546"
    },
    {
      "name": "CVE-2023-1579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1579"
    },
    {
      "name": "CVE-2024-12133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12133"
    },
    {
      "name": "CVE-2023-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0049"
    },
    {
      "name": "CVE-2023-5344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5344"
    },
    {
      "name": "CVE-2022-2125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2125"
    },
    {
      "name": "CVE-2022-2207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2207"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2025-3576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3576"
    },
    {
      "name": "CVE-2023-1127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1127"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0693",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware Tanzu. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware Tanzu",
  "vendor_advisories": [
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36036",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36036"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36035",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36035"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36038",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36038"
    },
    {
      "published_at": "2025-08-14",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36037",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36037"
    }
  ]
}

BDU:2023-00451

Vulnerability from fstec - Published: 21.01.2023

Title

Уязвимость функций same_leader() и utfc_ptr2len() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код в целевой системе

Description

Уязвимость функций same_leader() и utfc_ptr2len() текстового редактора Vim связана с переполнением буфера. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код в целевой системе

Severity ?


                    
                      AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

ООО «Ред Софт», ООО «РусБИТех-Астра», ФССП России, Сообщество свободного программного обеспечения, АО «НТЦ ИТ РОСА», АО "НППКТ"

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), ОС ТД АИС ФССП России, vim, РОСА ХРОМ (запись в едином реестре российских программ №1607), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), ИК6 (ОС ТД АИС ФССП России), 4.7 (Astra Linux Special Edition), до 9.0.1225 (vim), 12.4 (РОСА ХРОМ), до 2.8 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Vim: https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС ТД АИС ФССП России: https://goslinux.fssp.gov.ru/2726972/ Для ОС Astra Linux Special Edition 1.7: использование рекомендаций производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 Для Astra Linux Special Edition 4.7 для архитектуры ARM: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 Для ОСОН ОСнова Оnyx: Обновление программного обеспечения vim до версии 2:9.0.1672-1 Для операционной системы РОСА ХРОМ: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2268

Reference

https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://goslinux.fssp.gov.ru/2726972/ https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/ https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47 https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/ https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2268

CWE

CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), \u0418\u041a6 (\u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438), 4.7 (Astra Linux Special Edition), \u0434\u043e 9.0.1225 (vim), 12.4 (\u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Vim:\nhttps://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438: https://goslinux.fssp.gov.ru/2726972/\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f vim \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2:9.0.1672-1\n\n\u0414\u043b\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c: https://abf.rosalinux.ru/advisories/ROSA-SA-2023-2268",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.01.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.01.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-00451",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-0433",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "\u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438, vim, \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u041e\u0421 \u0422\u0414 \u0410\u0418\u0421 \u0424\u0421\u0421\u041f \u0420\u043e\u0441\u0441\u0438\u0438 \u0418\u041a6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb \u0420\u041e\u0421\u0410 \u0425\u0420\u041e\u041c 12.4  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21161607), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 same_leader() \u0438 utfc_ptr2len() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0439 same_leader() \u0438 utfc_ptr2len() \u0442\u0435\u043a\u0441\u0442\u043e\u0432\u043e\u0433\u043e \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u0430 Vim \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://goslinux.fssp.gov.ru/2726972/\nhttps://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e/\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://abf.rosalinux.ru/advisories/ROSA-SA-2023-2268",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

FKIE_CVE-2023-0433

Vulnerability from fkie_nvd - Published: 2023-01-21 15:15 - Updated: 2024-11-21 07:37

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

References

URL	Tags
security@huntr.dev	http://seclists.org/fulldisclosure/2023/Mar/17
security@huntr.dev	http://seclists.org/fulldisclosure/2023/Mar/18
security@huntr.dev	http://seclists.org/fulldisclosure/2023/Mar/21
security@huntr.dev	https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b	Patch, Third Party Advisory
security@huntr.dev	https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e	Exploit, Third Party Advisory
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/
security@huntr.dev	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
security@huntr.dev	https://support.apple.com/kb/HT213670
security@huntr.dev	https://support.apple.com/kb/HT213675
security@huntr.dev	https://support.apple.com/kb/HT213677
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2023/Mar/17
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2023/Mar/18
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2023/Mar/21
af854a3a-2127-422b-91ae-364da2661108	https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213670
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213675
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT213677

Impacted products

	Vendor	Product	Version
	vim	vim	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "220F342C-2B9D-4371-BD43-BED77B7E99BA",
              "versionEndExcluding": "9.0.1225",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en el repositorio de GitHub vim/vim anterior a 9.0.1225."
    }
  ],
  "id": "CVE-2023-0433",
  "lastModified": "2024-11-21T07:37:10.260",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-01-21T15:15:10.153",
  "references": [
    {
      "source": "security@huntr.dev",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
    },
    {
      "source": "security@huntr.dev",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
    },
    {
      "source": "security@huntr.dev",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
    },
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://support.apple.com/kb/HT213670"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://support.apple.com/kb/HT213675"
    },
    {
      "source": "security@huntr.dev",
      "url": "https://support.apple.com/kb/HT213677"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT213670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT213675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/kb/HT213677"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Secondary"
    }
  ]
}

GHSA-HV9J-PR23-X4HF

Vulnerability from github – Published: 2023-01-21 15:30 – Updated: 2023-01-30 18:30

Details

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-0433"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-01-21T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.",
  "id": "GHSA-hv9j-pr23-x4hf",
  "modified": "2023-01-30T18:30:27Z",
  "published": "2023-01-21T15:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0433"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213670"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213675"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT213677"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-0433

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.

Aliases

CVE-2023-0433

Aliases

CVE-2023-0433

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-0433",
    "id": "GSD-2023-0433",
    "references": [
      "https://advisories.mageia.org/CVE-2023-0433.html",
      "https://www.suse.com/security/cve/CVE-2023-0433.html",
      "https://ubuntu.com/security/CVE-2023-0433"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-0433"
      ],
      "details": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225.",
      "id": "GSD-2023-0433",
      "modified": "2023-12-13T01:20:22.346777Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@huntr.dev",
        "ID": "CVE-2023-0433",
        "STATE": "PUBLIC",
        "TITLE": "Heap-based Buffer Overflow in vim/vim"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "vim/vim",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "9.0.1225"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "vim"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-122 Heap-based Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e",
            "refsource": "CONFIRM",
            "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
          },
          {
            "name": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b",
            "refsource": "MISC",
            "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
          },
          {
            "name": "FEDORA-2023-2db4df65c3",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
          },
          {
            "name": "FEDORA-2023-93fb5b08eb",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
          },
          {
            "name": "https://support.apple.com/kb/HT213677",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213677"
          },
          {
            "name": "https://support.apple.com/kb/HT213675",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213675"
          },
          {
            "name": "https://support.apple.com/kb/HT213670",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT213670"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
          },
          {
            "name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
          }
        ]
      },
      "source": {
        "advisory": "ae933869-a1ec-402a-bbea-d51764c6618e",
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vim:vim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.0.1225",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2023-0433"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/vim/vim/commit/11977f917506d950b7e0cae558bd9189260b253b"
            },
            {
              "name": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://huntr.dev/bounties/ae933869-a1ec-402a-bbea-d51764c6618e"
            },
            {
              "name": "FEDORA-2023-2db4df65c3",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PZWIJBSQX53P7DHV77KRXJIXA4GH7XHC/"
            },
            {
              "name": "FEDORA-2023-93fb5b08eb",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EX6N2DB75A73MQGVW3CS4VTNPAYVM2M/"
            },
            {
              "name": "https://support.apple.com/kb/HT213670",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT213670"
            },
            {
              "name": "https://support.apple.com/kb/HT213675",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT213675"
            },
            {
              "name": "https://support.apple.com/kb/HT213677",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.apple.com/kb/HT213677"
            },
            {
              "name": "20230327 APPLE-SA-2023-03-27-5 macOS Big Sur 11.7.5",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2023/Mar/21"
            },
            {
              "name": "20230327 APPLE-SA-2023-03-27-3 macOS Ventura 13.3",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2023/Mar/17"
            },
            {
              "name": "20230327 APPLE-SA-2023-03-27-4 macOS Monterey 12.6.4",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2023/Mar/18"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-03-28T05:15Z",
      "publishedDate": "2023-01-21T15:15Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-0433 (GCVE-0-2023-0433)

Solution

Solutions

Solutions

Solution

Solutions

Solutions

Tags

Sightings

Nomenclature