Vulnerability-Lookup

CVE-2024-7971 (GCVE-0-2024-7971)

Vulnerability from cvelistv5 – Published: 2024-08-21 20:20 – Updated: 2025-10-21 22:55

CISA KEV

Summary

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-843 - Type confusion

Assigner

Chrome

References

2 references

URL	Tags
https://chromereleases.googleblog.com/2024/08/sta…
https://issues.chromium.org/issues/360700873

Impacted products

1 product

Vendor	Product	Version
Google	Chrome	Affected: 128.0.6613.84 , < 128.0.6613.84 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 9249982c-d874-42e8-b08b-94b165cc561e

Vulnerability ID: CVE-2024-7971

Status: Confirmed

Status Updated: 2024-08-26 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2024-08-26

Asserted: 2024-08-26

Scope

Notes: KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7971

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-843
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Chromium V8
Due Date	2024-09-16
Date Added	2024-08-26
Vendorproject	Google
Vulnerabilityname	Google Chromium V8 Type Confusion Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2024-7971

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "chrome",
            "vendor": "google",
            "versions": [
              {
                "lessThan": "128.0.6613.84",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-7971",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-26T14:07:05.368281Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2024-08-26",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-843",
                "description": "CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T22:55:46.906Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2024-08-26T00:00:00.000Z",
            "value": "CVE-2024-7971 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-31T13:00:15.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Chrome",
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "128.0.6613.84",
              "status": "affected",
              "version": "128.0.6613.84",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-843",
              "description": "Type confusion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-21T20:20:24.778Z",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
        },
        {
          "url": "https://issues.chromium.org/issues/360700873"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2024-7971",
    "datePublished": "2024-08-21T20:20:24.778Z",
    "dateReserved": "2024-08-19T19:17:20.787Z",
    "dateUpdated": "2025-10-21T22:55:46.906Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2024-7971",
      "cwes": "[\"CWE-843\"]",
      "dateAdded": "2024-08-26",
      "dueDate": "2024-09-16",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7971",
      "product": "Chromium V8",
      "requiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability"
    },
    "epss": {
      "cve": "CVE-2024-7971",
      "date": "2026-05-21",
      "epss": "0.00962",
      "percentile": "0.76729"
    },
    "fkie_nvd": {
      "cisaActionDue": "2024-09-16",
      "cisaExploitAdd": "2024-08-26",
      "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
      "cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"128.0.6613.84\", \"matchCriteriaId\": \"DAE0C7AB-1D61-4449-BC82-915B019F311F\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"128.0.2739.42\", \"matchCriteriaId\": \"5B3C4915-21C5-4DB1-8791-EB3AEB04A654\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}, {\"lang\": \"es\", \"value\": \"La confusi\\u00f3n de tipos en V8 en Google Chrome anterior a 128.0.6613.84 permit\\u00eda a un atacante remoto explotar la corrupci\\u00f3n del mont\\u00f3n a trav\\u00e9s de una p\\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}]",
      "id": "CVE-2024-7971",
      "lastModified": "2025-01-03T19:39:45.157",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.6, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 6.0}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2024-08-21T21:15:09.277",
      "references": "[{\"url\": \"https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://issues.chromium.org/issues/360700873\", \"source\": \"chrome-cve-admin@google.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "chrome-cve-admin@google.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"chrome-cve-admin@google.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-843\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-7971\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2024-08-21T21:15:09.277\",\"lastModified\":\"2025-10-24T14:06:55.163\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"},{\"lang\":\"es\",\"value\":\"La confusi\u00f3n de tipos en V8 en Google Chrome anterior a 128.0.6613.84 permit\u00eda a un atacante remoto explotar la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.6,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2024-08-26\",\"cisaActionDue\":\"2024-09-16\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"Google Chromium V8 Type Confusion Vulnerability\",\"weaknesses\":[{\"source\":\"chrome-cve-admin@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-843\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"128.0.6613.84\",\"matchCriteriaId\":\"DAE0C7AB-1D61-4449-BC82-915B019F311F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"128.0.2739.42\",\"matchCriteriaId\":\"5B3C4915-21C5-4DB1-8791-EB3AEB04A654\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://issues.chromium.org/issues/360700873\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-31T13:00:15.239Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7971\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-26T14:07:05.368281Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2024-08-26\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\"], \"vendor\": \"google\", \"product\": \"chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"128.0.6613.84\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-26T00:00:00.000Z\", \"value\": \"CVE-2024-7971 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-843\", \"description\": \"CWE-843 Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-22T13:43:40.014Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"128.0.6613.84\", \"lessThan\": \"128.0.6613.84\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\"}, {\"url\": \"https://issues.chromium.org/issues/360700873\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"cweId\": \"CWE-843\", \"description\": \"Type confusion\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2024-08-21T20:20:24.778Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-7971\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T22:55:46.906Z\", \"dateReserved\": \"2024-08-19T19:17:20.787Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2024-08-21T20:20:24.778Z\", \"assignerShortName\": \"Chrome\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0706

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Google indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84/.85 sur Windows et Mac
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome

2024-08-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84/.85 sur Windows et Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0706",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": "2024-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    }
  ]
}

CERTFR-2024-AVI-0711

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et un problème de sécurité non spécifié par l'éditeur.

Microsoft indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 128.0.2739.42
	Microsoft	Edge	Microsoft Edge pour Android versions antérieures à 128.0.2739.42

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge CVE-2024-7976	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7971	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7973	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7968	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7974	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7967	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8033	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7972	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7977	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8035	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-41879	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8034	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38210	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7978	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7969	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7964	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7980	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7979	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7966	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38209	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7975	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38208	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7981	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7965	2024-08-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38210"
    },
    {
      "name": "CVE-2024-38209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38209"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-41879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41879"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-38208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38208"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0711",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7976",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7976"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7971",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7973",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7973"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7974",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7974"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7967"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8033"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7972",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7972"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7977"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8035",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8035"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-41879",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8034",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8034"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38210",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38210"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7978",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7978"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7969"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7964"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7980"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7979",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7979"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7966"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7975",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7975"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38208"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7981",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7981"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7965"
    }
  ]
}

CERTFR-2024-AVI-0770

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.12
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.12
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.1
Palo Alto Networks	Prisma Access	Prisma Access versions antérieures à 10.2.9 sur PAN-OS
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x antérieures à 9.0.17
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.3
Palo Alto Networks	ActiveMQ Content Pack	ActiveMQ Content Pack versions 1.1.x antérieures à 1.1.15
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.11
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.1
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent toutes versions antérieures à 8.2
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions 128.x.x.x postérieures à 128.91.2869.7 et antérieures à 128.138.2888.2
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.4
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.0.x antérieures à 6.0.7
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.25
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.13
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.17
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.1.x antérieures à 6.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks PAN-219031 et PAN-192893	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-204689 et GPC-16848	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-151792 et PAN-82874	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CPATR-20644	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CRTX-105751	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0009	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-263321	2024-09-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
      "product": {
        "name": "ActiveMQ Content Pack",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-8686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
    },
    {
      "name": "CVE-2024-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
    },
    {
      "name": "CVE-2024-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-8362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
    },
    {
      "name": "CVE-2024-8687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
    },
    {
      "name": "CVE-2024-8198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
    },
    {
      "name": "CVE-2024-8688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
    },
    {
      "name": "CVE-2024-8690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8691"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8688"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8689"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8686"
    }
  ]
}

CERTFR-2024-AVI-0706

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Google indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84/.85 sur Windows et Mac
	Google	N/A	Google Chrome versions antérieures à 128.0.6613.84 sur Linux

References

Title

Publication Time

Tags

Bulletin de sécurité Google Chrome

2024-08-21

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84/.85 sur Windows et Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    },
    {
      "description": "Google Chrome versions ant\u00e9rieures \u00e0 128.0.6613.84 sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Google",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0706",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nGoogle indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
  "vendor_advisories": [
    {
      "published_at": "2024-08-21",
      "title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    }
  ]
}

CERTFR-2024-AVI-0711

Vulnerability from certfr_avis - Published: - Updated:

Microsoft indique que la vulnérabilité CVE-2024-7971 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge versions antérieures à 128.0.2739.42
	Microsoft	Edge	Microsoft Edge pour Android versions antérieures à 128.0.2739.42

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft Edge CVE-2024-7976	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7971	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7973	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7968	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7974	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7967	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8033	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7972	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7977	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8035	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-41879	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-8034	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38210	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7978	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7969	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7964	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7980	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7979	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7966	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38209	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7975	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-38208	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7981	2024-08-22	vendor-advisory
Bulletin de sécurité Microsoft Edge CVE-2024-7965	2024-08-22	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Edge pour Android versions ant\u00e9rieures \u00e0 128.0.2739.42",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-38210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38210"
    },
    {
      "name": "CVE-2024-38209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38209"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-41879",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41879"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-38208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38208"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0711",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-08-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n\nMicrosoft indique que la vuln\u00e9rabilit\u00e9 CVE-2024-7971 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7976",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7976"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7971",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7973",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7973"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7968"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7974",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7974"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7967"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8033"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7972",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7972"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7977"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8035",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8035"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-41879",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41879"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-8034",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-8034"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38210",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38210"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7978",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7978"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7969"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7964"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7980"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7979",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7979"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7966"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38209"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7975",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7975"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-38208",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38208"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7981",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7981"
    },
    {
      "published_at": "2024-08-22",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2024-7965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7965"
    }
  ]
}

CERTFR-2024-AVI-0770

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Palo Alto Networks	PAN-OS	PAN-OS versions 10.0.x antérieures à 10.0.12
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.1.x antérieures à 5.1.12
Palo Alto Networks	PAN-OS	PAN-OS versions 11.0.x antérieures à 11.0.1
Palo Alto Networks	Prisma Access	Prisma Access versions antérieures à 10.2.9 sur PAN-OS
Palo Alto Networks	PAN-OS	PAN-OS versions 9.0.x antérieures à 9.0.17
Palo Alto Networks	PAN-OS	PAN-OS versions 11.2.x antérieures à 11.2.3
Palo Alto Networks	ActiveMQ Content Pack	ActiveMQ Content Pack versions 1.1.x antérieures à 1.1.15
Palo Alto Networks	PAN-OS	PAN-OS versions 10.1.x antérieures à 10.1.11
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.2.x antérieures à 6.2.1
Palo Alto Networks	Cortex XDR Agent	Cortex XDR Agent toutes versions antérieures à 8.2
Palo Alto Networks	Prisma Access Browser	Prisma Access Browser versions 128.x.x.x postérieures à 128.91.2869.7 et antérieures à 128.138.2888.2
Palo Alto Networks	PAN-OS	PAN-OS versions 10.2.x antérieures à 10.2.4
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.0.x antérieures à 6.0.7
Palo Alto Networks	PAN-OS	PAN-OS versions 8.1.x antérieures à 8.1.25
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 5.2.x antérieures à 5.2.13
Palo Alto Networks	PAN-OS	PAN-OS versions 9.1.x antérieures à 9.1.17
Palo Alto Networks	GlobalProtect App	GlobalProtect App versions 6.1.x antérieures à 6.1.2

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks PAN-219031 et PAN-192893	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-204689 et GPC-16848	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-151792 et PAN-82874	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CPATR-20644	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks CRTX-105751	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-SA-2024-0009	2024-09-11	vendor-advisory
Bulletin de sécurité Palo Alto Networks PAN-263321	2024-09-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "PAN-OS versions 10.0.x ant\u00e9rieures \u00e0 10.0.12",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.1.x ant\u00e9rieures \u00e0 5.1.12",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.0.x ant\u00e9rieures \u00e0 11.0.1",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access versions ant\u00e9rieures \u00e0 10.2.9 sur PAN-OS",
      "product": {
        "name": "Prisma Access",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 11.2.x ant\u00e9rieures \u00e0 11.2.3",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "ActiveMQ Content Pack versions 1.1.x ant\u00e9rieures \u00e0 1.1.15",
      "product": {
        "name": "ActiveMQ Content Pack",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.1.x ant\u00e9rieures \u00e0 10.1.11",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.2.x ant\u00e9rieures \u00e0 6.2.1",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Cortex XDR Agent toutes versions ant\u00e9rieures \u00e0 8.2",
      "product": {
        "name": "Cortex XDR Agent",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Prisma Access Browser versions 128.x.x.x post\u00e9rieures \u00e0 128.91.2869.7 et ant\u00e9rieures \u00e0 128.138.2888.2",
      "product": {
        "name": "Prisma Access Browser",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 10.2.x ant\u00e9rieures \u00e0 10.2.4",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.0.x ant\u00e9rieures \u00e0 6.0.7",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 8.1.x ant\u00e9rieures \u00e0 8.1.25",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 5.2.x ant\u00e9rieures \u00e0 5.2.13",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.17",
      "product": {
        "name": "PAN-OS",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect App versions 6.1.x ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-8193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8193"
    },
    {
      "name": "CVE-2024-7976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7976"
    },
    {
      "name": "CVE-2024-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7973"
    },
    {
      "name": "CVE-2024-7969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7969"
    },
    {
      "name": "CVE-2024-8691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8691"
    },
    {
      "name": "CVE-2024-8035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8035"
    },
    {
      "name": "CVE-2024-7980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7980"
    },
    {
      "name": "CVE-2024-7975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7975"
    },
    {
      "name": "CVE-2024-7964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7964"
    },
    {
      "name": "CVE-2024-8636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8636"
    },
    {
      "name": "CVE-2024-7968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7968"
    },
    {
      "name": "CVE-2024-8686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8686"
    },
    {
      "name": "CVE-2024-8638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8638"
    },
    {
      "name": "CVE-2024-8639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8639"
    },
    {
      "name": "CVE-2024-7977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7977"
    },
    {
      "name": "CVE-2024-8362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8362"
    },
    {
      "name": "CVE-2024-8687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8687"
    },
    {
      "name": "CVE-2024-7966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7966"
    },
    {
      "name": "CVE-2024-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7979"
    },
    {
      "name": "CVE-2024-7974",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7974"
    },
    {
      "name": "CVE-2024-8637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8637"
    },
    {
      "name": "CVE-2024-7972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7972"
    },
    {
      "name": "CVE-2024-7967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7967"
    },
    {
      "name": "CVE-2024-8689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8689"
    },
    {
      "name": "CVE-2024-8198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8198"
    },
    {
      "name": "CVE-2024-8688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8688"
    },
    {
      "name": "CVE-2024-8034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8034"
    },
    {
      "name": "CVE-2024-7970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7970"
    },
    {
      "name": "CVE-2024-8690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8690"
    },
    {
      "name": "CVE-2024-7981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7981"
    },
    {
      "name": "CVE-2024-8033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8033"
    },
    {
      "name": "CVE-2024-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8194"
    },
    {
      "name": "CVE-2024-7978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7978"
    },
    {
      "name": "CVE-2024-7971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7971"
    },
    {
      "name": "CVE-2024-7965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7965"
    }
  ],
  "links": [],
  "reference": "CERTFR-2024-AVI-0770",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Palo Alto Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-219031 et PAN-192893",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8691"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-204689 et GPC-16848",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8687"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-151792 et PAN-82874",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8688"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CPATR-20644",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8690"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CRTX-105751",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8689"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-SA-2024-0009",
      "url": "https://security.paloaltonetworks.com/PAN-SA-2024-0009"
    },
    {
      "published_at": "2024-09-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks PAN-263321",
      "url": "https://security.paloaltonetworks.com/CVE-2024-8686"
    }
  ]
}

BDU:2024-06562

Vulnerability from fstec - Published: 21.08.2024

Title

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код с помощью специально сформированной HTML-страницы

Description

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge связана с ошибками смешения типов данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированной HTML-страницы

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vendor

Novell Inc., Сообщество свободного программного обеспечения, ООО «Ред Софт», ООО «РусБИТех-Астра», Google Inc, Microsoft Corp, АО "НППКТ"

Software Name

OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Package Hub, Google Chrome, Microsoft Edge, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)

Software Version

15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 «Смоленск» (Astra Linux Common Edition), 15 SP5 (SUSE Package Hub), 15.6 (OpenSUSE Leap), до 128.0.6613.84 (Google Chrome), до 128.0.2739.42 (Microsoft Edge), 1.8 (Astra Linux Special Edition), до 2.12 (ОСОН ОСнова Оnyx)

Possible Mitigations

Использование рекомендаций: Для Google Chrome: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2024-7971 Для Microsoft Edge: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2024-7971.html Для Astra Linux Special Edition 4.7 для архитектуры ARM: обновить пакет chromium до 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 Для ОС Astra Linux: обновить пакет chromium до 1:128.0.6613.119-0astragost0+ci202409101631+astra8 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD Для ОС Astra Linux: обновить пакет chromium до 1:130.0.6723.92-0astragost0+ci202411071347+astra6 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD Обновление программного обеспечения chromium до версии 131.0.6778.264+repack-1~deb12u1.osnova2u1 Для ОС Astra Linux: обновить пакет chromium до 1:142.0.7444.175-0astragost0+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

Reference

https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html https://security-tracker.debian.org/tracker/CVE-2024-7971 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971 https://xakep.ru/2024/09/02/cve-2024-7971-citrine-sleet/ http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ https://www.suse.com/security/cve/CVE-2024-7971.html https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/ https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.12/ https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16

CWE

CWE-843

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO1672",
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO1672 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Google Chrome",
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Google Inc, Microsoft Corp, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.5 (OpenSUSE Leap), - (openSUSE Tumbleweed), 11 (Debian GNU/Linux), 12 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Common Edition), 15 SP5 (SUSE Package Hub), 15.6 (OpenSUSE Leap), \u0434\u043e 128.0.6613.84 (Google Chrome), \u0434\u043e 128.0.2739.42 (Microsoft Edge), 1.8 (Astra Linux Special Edition), \u0434\u043e 2.12 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Google Chrome:\nhttps://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2024-7971\n\n\u0414\u043b\u044f Microsoft Edge:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2024-7971.html\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:129.0.6668.100-0astragost0+ci202410111611+astra8+ci2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:128.0.6613.119-0astragost0+ci202409101631+astra8 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:130.0.6723.92-0astragost0+ci202411071347+astra6 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f chromium \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 131.0.6778.264+repack-1~deb12u1.osnova2u1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 chromium \u0434\u043e 1:142.0.7444.175-0astragost0+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.08.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "30.08.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-06562",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-7971",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, openSUSE Tumbleweed, Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Package Hub, Google Chrome, Microsoft Edge, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , Novell Inc. OpenSUSE Leap 15.5 , Microsoft Corp Windows - , Novell Inc. openSUSE Tumbleweed - , Apple Inc. MacOS - , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 12 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.8  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.12  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Google Chrome \u0438 Microsoft Edge, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0414\u043e\u0441\u0442\u0443\u043f \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443 \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u0441\u043e\u0432\u043c\u0435\u0441\u0442\u0438\u043c\u044b\u0435 \u0442\u0438\u043f\u044b (CWE-843)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430 JavaScript-\u0441\u0446\u0435\u043d\u0430\u0440\u0438\u0435\u0432 V8 \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Google Chrome \u0438 Microsoft Edge \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0441\u043c\u0435\u0448\u0435\u043d\u0438\u044f \u0442\u0438\u043f\u043e\u0432 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0439 HTML-\u0441\u0442\u0440\u0430\u043d\u0438\u0446\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html\nhttps://security-tracker.debian.org/tracker/CVE-2024-7971\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971\nhttps://xakep.ru/2024/09/02/cve-2024-7971-citrine-sleet/\nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\nhttps://www.suse.com/security/cve/CVE-2024-7971.html\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2024-1031SE47\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2024-1108SE17MD\nhttps://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/\nhttps://wiki.astralinux.ru/astra-linux-se18-bulletin-2025-0114SE18MD\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.12/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20251225SE16",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-843",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,8)"
}

FKIE_CVE-2024-7971

Vulnerability from fkie_nvd - Published: 2024-08-21 21:15 - Updated: 2025-10-24 14:06

CISA KEV

Severity ?

9.6 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References

URL	Tags
chrome-cve-admin@google.com	https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html	Release Notes
chrome-cve-admin@google.com	https://issues.chromium.org/issues/360700873	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/	Exploit, Patch, Third Party Advisory, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971	US Government Resource

Impacted products

	Vendor	Product	Version
	google	chrome	*
	microsoft	edge	*

JSON

To clipboard

{
  "cisaActionDue": "2024-09-16",
  "cisaExploitAdd": "2024-08-26",
  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
  "cisaVulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE0C7AB-1D61-4449-BC82-915B019F311F",
              "versionEndExcluding": "128.0.6613.84",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B3C4915-21C5-4DB1-8791-EB3AEB04A654",
              "versionEndExcluding": "128.0.2739.42",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
    },
    {
      "lang": "es",
      "value": "La confusi\u00f3n de tipos en V8 en Google Chrome anterior a 128.0.6613.84 permit\u00eda a un atacante remoto explotar la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
    }
  ],
  "id": "CVE-2024-7971",
  "lastModified": "2025-10-24T14:06:55.163",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-08-21T21:15:09.277",
  "references": [
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    },
    {
      "source": "chrome-cve-admin@google.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://issues.chromium.org/issues/360700873"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971"
    }
  ],
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "chrome-cve-admin@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-843"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

GHSA-PQ5W-H3JM-M95C

Vulnerability from github – Published: 2024-08-21 21:30 – Updated: 2025-10-22 00:33

Details

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-7971"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-843"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-21T21:15:09Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
  "id": "GHSA-pq5w-h3jm-m95c",
  "modified": "2025-10-22T00:33:05Z",
  "published": "2024-08-21T21:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7971"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
    },
    {
      "type": "WEB",
      "url": "https://issues.chromium.org/issues/360700873"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-7971"
    },
    {
      "type": "WEB",
      "url": "https://www.microsoft.com/en-us/security/blog/2024/08/30/north-korean-threat-actor-citrine-sleet-exploiting-chromium-zero-day"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

NCSC-2024-0351

Vulnerability from csaf_ncscnl - Published: 2024-08-22 11:42 - Updated: 2024-08-23 12:59

Summary

Kwetsbaarheden verholpen in Google Chrome, Chromium & Microsoft Edge

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Google heeft kwetsbaarheden verholpen in Chrome en Chromium.

Interpretaties: Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken of code uit te voeren in de browser van het slachtoffer en daarmee mogelijk toegang krijgen tot gevoelige gegevens in de context van de browser van het slachtoffer. Google meldt berichten te hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2024-7971 beperkt en gericht wordt misbruikt. Publieke Proof-of-Concept-code (PoC) of een publieke exploit is (nog) niet beschikbaar.

Oplossingen: Google heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Chrome en Chromium 128.0.6613.84 en 128.0.6613.85. Microsoft heeft out of band updates uitgebracht om de kwetsbaarheden te verhelpen in Edge 128.0.2739.42. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-122: Heap-based Buffer Overflow

CWE-416: Use After Free

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2024-7964

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7965

CVE-2024-7966

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7967

CWE-122 - Heap-based Buffer Overflow

CVE-2024-7968

CWE-416 - Use After Free

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7969

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7971

CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')

CVE-2024-7972

CVE-2024-7973

CWE-122 - Heap-based Buffer Overflow

CVE-2024-7974

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7975

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7976

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7977

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7978

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-7979

CVE-2024-7980

CVE-2024-7981

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-8033

CVE-2024-8034

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

CVE-2024-8035

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
chrome google	`cpe:2.3:a:google:chrome::::::::`	—

References

22 references

URL	Category
https://chromereleases.googleblog.com/2024/08/sta…	external
https://msrc.microsoft.com/update-guide/vulnerabi…	external
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self
https://api.ncsc.nl/velma/v1/vulnerabilities/2024…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Google heeft kwetsbaarheden verholpen in Chrome en Chromium.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om een Denial-of-Service te veroorzaken of code uit te voeren in de browser van het slachtoffer en daarmee mogelijk toegang krijgen tot gevoelige gegevens in de context van de browser van het slachtoffer.\n\nGoogle meldt berichten te hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2024-7971 beperkt en gericht wordt misbruikt. Publieke Proof-of-Concept-code (PoC) of een publieke exploit is (nog) niet beschikbaar.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Google heeft updates uitgebracht om de kwetsbaarheden te verhelpen in Chrome en Chromium 128.0.6613.84 en 128.0.6613.85.\nMicrosoft heeft out of band updates uitgebracht om de kwetsbaarheden te verhelpen in Edge 128.0.2739.42.\n\nZie bijgevoegde referenties voor meer informatie.\n",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Source - chrome",
        "url": "https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html"
      },
      {
        "category": "external",
        "summary": "Reference - hkcert",
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-7971"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Google Chrome, Chromium \u0026 Microsoft Edge",
    "tracking": {
      "current_release_date": "2024-08-23T12:59:41.787815Z",
      "id": "NCSC-2024-0351",
      "initial_release_date": "2024-08-22T11:42:49.629133Z",
      "revision_history": [
        {
          "date": "2024-08-22T11:42:49.629133Z",
          "number": "0",
          "summary": "Initiele versie"
        },
        {
          "date": "2024-08-23T12:59:41.787815Z",
          "number": "1",
          "summary": "Micrososft heeft de kwetsbaarheden verholpen in Edge "
        }
      ],
      "status": "final",
      "version": "1.0.1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "chrome",
            "product": {
              "name": "chrome",
              "product_id": "CSAFPID-2738",
              "product_identification_helper": {
                "cpe": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "google"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-7964",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7964",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7964.json"
        }
      ],
      "title": "CVE-2024-7964"
    },
    {
      "cve": "CVE-2024-7965",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7965",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7965.json"
        }
      ],
      "title": "CVE-2024-7965"
    },
    {
      "cve": "CVE-2024-7966",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7966",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7966.json"
        }
      ],
      "title": "CVE-2024-7966"
    },
    {
      "cve": "CVE-2024-7967",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7967",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7967.json"
        }
      ],
      "title": "CVE-2024-7967"
    },
    {
      "cve": "CVE-2024-7968",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7968",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7968.json"
        }
      ],
      "title": "CVE-2024-7968"
    },
    {
      "cve": "CVE-2024-7969",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7969",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7969.json"
        }
      ],
      "title": "CVE-2024-7969"
    },
    {
      "cve": "CVE-2024-7971",
      "cwe": {
        "id": "CWE-843",
        "name": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
          "title": "CWE-843"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7971",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7971.json"
        }
      ],
      "title": "CVE-2024-7971"
    },
    {
      "cve": "CVE-2024-7972",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7972",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7972.json"
        }
      ],
      "title": "CVE-2024-7972"
    },
    {
      "cve": "CVE-2024-7973",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        }
      ],
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7973",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7973.json"
        }
      ],
      "title": "CVE-2024-7973"
    },
    {
      "cve": "CVE-2024-7974",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7974",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7974.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2738"
          ]
        }
      ],
      "title": "CVE-2024-7974"
    },
    {
      "cve": "CVE-2024-7975",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7975",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7975.json"
        }
      ],
      "title": "CVE-2024-7975"
    },
    {
      "cve": "CVE-2024-7976",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7976",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7976.json"
        }
      ],
      "title": "CVE-2024-7976"
    },
    {
      "cve": "CVE-2024-7977",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7977",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7977.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-2738"
          ]
        }
      ],
      "title": "CVE-2024-7977"
    },
    {
      "cve": "CVE-2024-7978",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7978",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7978.json"
        }
      ],
      "title": "CVE-2024-7978"
    },
    {
      "cve": "CVE-2024-7979",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7979",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7979.json"
        }
      ],
      "title": "CVE-2024-7979"
    },
    {
      "cve": "CVE-2024-7980",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7980",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7980.json"
        }
      ],
      "title": "CVE-2024-7980"
    },
    {
      "cve": "CVE-2024-7981",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7981",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-7981.json"
        }
      ],
      "title": "CVE-2024-7981"
    },
    {
      "cve": "CVE-2024-8033",
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8033",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8033.json"
        }
      ],
      "title": "CVE-2024-8033"
    },
    {
      "cve": "CVE-2024-8034",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8034",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8034.json"
        }
      ],
      "title": "CVE-2024-8034"
    },
    {
      "cve": "CVE-2024-8035",
      "product_status": {
        "known_affected": [
          "CSAFPID-2738"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8035",
          "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-8035.json"
        }
      ],
      "title": "CVE-2024-8035"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-7971 (GCVE-0-2024-7971)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solutions

Solutions

Solutions

Solutions

Solutions

Solutions

Tags

Sightings

Nomenclature