Vulnerability-Lookup

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-03-07T00:10:49.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/05/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/02/05/5"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250306-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-0665",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-17T17:42:03.317434Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-17T17:42:06.679Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "curl",
          "vendor": "curl",
          "versions": [
            {
              "lessThanOrEqual": "8.11.1",
              "status": "affected",
              "version": "8.11.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Christian Heusel"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Andy Pan"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libcurl would wrongly close the same eventfd file descriptor twice when taking\ndown a connection channel after having completed a threaded name resolve."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1341 Multiple Releases of Same Resource or Handle",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-05T09:16:49.038Z",
        "orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
        "shortName": "curl"
      },
      "references": [
        {
          "name": "json",
          "url": "https://curl.se/docs/CVE-2025-0665.json"
        },
        {
          "name": "www",
          "url": "https://curl.se/docs/CVE-2025-0665.html"
        },
        {
          "name": "issue",
          "url": "https://hackerone.com/reports/2954286"
        }
      ],
      "title": "eventfd double close"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
    "assignerShortName": "curl",
    "cveId": "CVE-2025-0665",
    "datePublished": "2025-02-05T09:16:49.038Z",
    "dateReserved": "2025-01-23T08:40:34.867Z",
    "dateUpdated": "2026-03-17T17:42:06.679Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-0665",
      "date": "2026-05-24",
      "epss": "0.04569",
      "percentile": "0.89331"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-0665\",\"sourceIdentifier\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"published\":\"2025-02-05T10:15:22.857\",\"lastModified\":\"2026-03-17T18:16:14.243\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl would wrongly close the same eventfd file descriptor twice when taking\\ndown a connection channel after having completed a threaded name resolve.\"},{\"lang\":\"es\",\"value\":\"libcurl cerrar\u00eda incorrectamente el mismo descriptor de archivo eventfd dos veces al finalizar un canal de conexi\u00f3n despu\u00e9s de haber completado una resoluci\u00f3n de nombre enhebrado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":4.7}]},\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:8.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC5F2B81-22E8-4A24-B4AA-86FC581E95D9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95BA156C-C977-4F0C-8DFB-3FAE9CC8C02D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD7447BC-F315-4298-A822-549942FC118B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6770B6C3-732E-4E22-BF1C-2D2FD610061C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F9C8C20-42EB-4AB5-BD97-212DEB070C43\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"234DEFE0-5CE5-4B0A-96B8-5D227CB8ED31\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDDF61B7-EC5C-467C-B710-B89F502CD04F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0B4AD8A-F172-4558-AEC6-FF424BA2D912\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8497A4C9-8474-4A62-8331-3FE862ED4098\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FFF7106-ED78-49BA-9EC5-B889E3685D53\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E63D8B0F-006E-4801-BF9D-1C001BBFB4F9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56409CEC-5A1E-4450-AA42-641E459CC2AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B06F4839-D16A-4A61-9BB5-55B13F41E47F\"}]}]}],\"references\":[{\"url\":\"https://curl.se/docs/CVE-2025-0665.html\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://curl.se/docs/CVE-2025-0665.json\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://hackerone.com/reports/2954286\",\"source\":\"2499f714-1537-4658-8207-48ae4bb9eae9\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/02/05/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/02/05/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20250306-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/02/05/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/02/05/5\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20250306-0007/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-07T00:10:49.291Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-0665\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-17T17:42:03.317434Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-05T14:25:37.554Z\"}}], \"cna\": {\"title\": \"eventfd double close\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Christian Heusel\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Andy Pan\"}], \"affected\": [{\"vendor\": \"curl\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.11.1\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.11.1\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://curl.se/docs/CVE-2025-0665.json\", \"name\": \"json\"}, {\"url\": \"https://curl.se/docs/CVE-2025-0665.html\", \"name\": \"www\"}, {\"url\": \"https://hackerone.com/reports/2954286\", \"name\": \"issue\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libcurl would wrongly close the same eventfd file descriptor twice when taking\\ndown a connection channel after having completed a threaded name resolve.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-1341 Multiple Releases of Same Resource or Handle\"}]}], \"providerMetadata\": {\"orgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"shortName\": \"curl\", \"dateUpdated\": \"2025-02-05T09:16:49.038Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-0665\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-17T17:42:06.679Z\", \"dateReserved\": \"2025-01-23T08:40:34.867Z\", \"assignerOrgId\": \"2499f714-1537-4658-8207-48ae4bb9eae9\", \"datePublished\": \"2025-02-05T09:16:49.038Z\", \"assignerShortName\": \"curl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0098

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Curl. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Curl	cURL et libcurl	curl et libcurl versions 7.10.5 à 8.11.x antérieures à 8.12.0

References

Title

Publication Time

Tags

Bulletin de sécurité Curl CVE-2025-0167	2025-02-05	vendor-advisory
Bulletin de sécurité Curl CVE-2025-0725	2025-02-05	vendor-advisory
Bulletin de sécurité Curl CVE-2025-0665	2025-02-05	vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "curl et libcurl versions 7.10.5 \u00e0 8.11.x ant\u00e9rieures \u00e0 8.12.0 ",
      "product": {
        "name": "cURL et libcurl",
        "vendor": {
          "name": "Curl",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0098",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Curl. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Curl",
  "vendor_advisories": [
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0167",
      "url": "https://curl.se/docs/CVE-2025-0167.html"
    },
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0725",
      "url": "https://curl.se/docs/CVE-2025-0725.html"
    },
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0665",
      "url": "https://curl.se/docs/CVE-2025-0665.html"
    }
  ]
}

CERTFR-2025-AVI-0102

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Tenable. Entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.8

References

Title

Publication Time

Tags

2025-02-20

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.8",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2025-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1091"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0760"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0102",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-07T00:00:00.000000"
    },
    {
      "description": "Ajout des vuln\u00e9rabilit\u00e9s CVE-2025-0167, CVE-2025-0665 et CVE-2025-0725",
      "revision_date": "2025-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-01",
      "url": "https://www.tenable.com/security/tns-2025-01"
    }
  ]
}

CERTFR-2025-AVI-0150

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable Identity Exposure. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.9

References

Title

Publication Time

Tags

2025-02-20

vendor-advisory

Bulletin de sécurité Tenable tns-2025-04

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.9",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2025-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1091"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0760"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0150",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
  "vendor_advisories": [
    {
      "published_at": "2025-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-01",
      "url": "https://www.tenable.com/security/tns-2025-01"
    }
  ]
}

CERTFR-2025-AVI-0328

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable Security Center. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202504.2

References

Title

Publication Time

Tags

2025-04-17

vendor-advisory

Bulletin de sécurité Siemens SSA-089022

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": " Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202504.2",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2025-1217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1217"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2024-6874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
    },
    {
      "name": "CVE-2025-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1736"
    },
    {
      "name": "CVE-2024-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
    },
    {
      "name": "CVE-2025-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1734"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1861"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-1219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1219"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0328",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
  "vendor_advisories": [
    {
      "published_at": "2025-04-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-04",
      "url": "https://www.tenable.com/security/tns-2025-04"
    }
  ]
}

CERTFR-2026-AVI-0101

Vulnerability from certfr_avis - Published: 2026-01-29 - Updated: 2026-01-29

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	SCALANCE	SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions antérieures à 3.3
Siemens	SCALANCE	SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions antérieures à 3.3

References

Title

Publication Time

Tags

2026-01-28

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCH328 (6GK5328-4TS01-2EC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM328 (6GK5328-4TS01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XCM324 (6GK5324-8TS01-2AC2) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) versions ant\u00e9rieures \u00e0 3.3",
      "product": {
        "name": "SCALANCE",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2025-10148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2025-32433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-32433"
    },
    {
      "name": "CVE-2025-4373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4373"
    },
    {
      "name": "CVE-2025-39853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39853"
    },
    {
      "name": "CVE-2025-39865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39865"
    },
    {
      "name": "CVE-2024-41996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41996"
    },
    {
      "name": "CVE-2025-27587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27587"
    },
    {
      "name": "CVE-2023-39810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39810"
    },
    {
      "name": "CVE-2025-1390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1390"
    },
    {
      "name": "CVE-2025-39864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39864"
    },
    {
      "name": "CVE-2025-59375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-38086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38086"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2025-6141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6141"
    },
    {
      "name": "CVE-2023-42365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42365"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-3360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2024-52533",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-52533"
    },
    {
      "name": "CVE-2024-6874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
    },
    {
      "name": "CVE-2025-38085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38085"
    },
    {
      "name": "CVE-2022-48174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48174"
    },
    {
      "name": "CVE-2025-39860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39860"
    },
    {
      "name": "CVE-2023-42364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42364"
    },
    {
      "name": "CVE-2025-39839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39839"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2023-7256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7256"
    },
    {
      "name": "CVE-2024-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2025-39846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39846"
    },
    {
      "name": "CVE-2024-8006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8006"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-38350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38350"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-38498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38498"
    },
    {
      "name": "CVE-2023-42363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42363"
    },
    {
      "name": "CVE-2025-38084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38084"
    },
    {
      "name": "CVE-2025-39841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39841"
    },
    {
      "name": "CVE-2023-42366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42366"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-38345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-38345"
    },
    {
      "name": "CVE-2024-47619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47619"
    }
  ],
  "initial_release_date": "2026-01-29T00:00:00",
  "last_revision_date": "2026-01-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0101",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2026-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-089022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
    }
  ]
}

CERTFR-2025-AVI-0098

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Curl	cURL et libcurl	curl et libcurl versions 7.10.5 à 8.11.x antérieures à 8.12.0

References

Title

Publication Time

Tags

Bulletin de sécurité Curl CVE-2025-0167	2025-02-05	vendor-advisory
Bulletin de sécurité Curl CVE-2025-0725	2025-02-05	vendor-advisory
Bulletin de sécurité Curl CVE-2025-0665	2025-02-05	vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "curl et libcurl versions 7.10.5 \u00e0 8.11.x ant\u00e9rieures \u00e0 8.12.0 ",
      "product": {
        "name": "cURL et libcurl",
        "vendor": {
          "name": "Curl",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0098",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Curl. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Curl",
  "vendor_advisories": [
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0167",
      "url": "https://curl.se/docs/CVE-2025-0167.html"
    },
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0725",
      "url": "https://curl.se/docs/CVE-2025-0725.html"
    },
    {
      "published_at": "2025-02-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Curl CVE-2025-0665",
      "url": "https://curl.se/docs/CVE-2025-0665.html"
    }
  ]
}

CERTFR-2025-AVI-0102

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.8

References

Title

Publication Time

Tags

2025-02-20

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.8",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2025-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1091"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0760"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0102",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-07T00:00:00.000000"
    },
    {
      "description": "Ajout des vuln\u00e9rabilit\u00e9s CVE-2025-0167, CVE-2025-0665 et CVE-2025-0725",
      "revision_date": "2025-02-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Tenable. Entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Tenable",
  "vendor_advisories": [
    {
      "published_at": "2025-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-01",
      "url": "https://www.tenable.com/security/tns-2025-01"
    }
  ]
}

CERTFR-2025-AVI-0150

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Identity Exposure	Identity Exposure versions antérieures à 3.77.9

References

Title

Publication Time

Tags

2025-02-20

vendor-advisory

Bulletin de sécurité Tenable tns-2025-04

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Identity Exposure versions ant\u00e9rieures \u00e0 3.77.9",
      "product": {
        "name": "Identity Exposure",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-25629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25629"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2025-23085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085"
    },
    {
      "name": "CVE-2025-23083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083"
    },
    {
      "name": "CVE-2025-1091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1091"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2025-0760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0760"
    },
    {
      "name": "CVE-2025-23084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23084"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0150",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Identity Exposure. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Identity Exposure",
  "vendor_advisories": [
    {
      "published_at": "2025-02-20",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-01",
      "url": "https://www.tenable.com/security/tns-2025-01"
    }
  ]
}

CERTFR-2025-AVI-0328

Vulnerability from certfr_avis - Published: - Updated:

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	Tenable	Security Center	Security Center sans le correctif de sécurité Patch SC-202504.2

References

Title

Publication Time

Tags

2025-04-17

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": " Security Center sans le correctif de s\u00e9curit\u00e9 Patch SC-202504.2",
      "product": {
        "name": "Security Center",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-9681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-11053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
    },
    {
      "name": "CVE-2024-7264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7264"
    },
    {
      "name": "CVE-2025-1217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1217"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2024-6874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6874"
    },
    {
      "name": "CVE-2025-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1736"
    },
    {
      "name": "CVE-2024-6197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6197"
    },
    {
      "name": "CVE-2025-1734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1734"
    },
    {
      "name": "CVE-2025-0665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0665"
    },
    {
      "name": "CVE-2024-8096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8096"
    },
    {
      "name": "CVE-2025-0725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
    },
    {
      "name": "CVE-2025-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1861"
    },
    {
      "name": "CVE-2025-0167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
    },
    {
      "name": "CVE-2025-1219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-1219"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0328",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Security Center. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Security Center",
  "vendor_advisories": [
    {
      "published_at": "2025-04-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-04",
      "url": "https://www.tenable.com/security/tns-2025-04"
    }
  ]
}

BDU:2025-02320

Vulnerability from fstec - Published: 05.02.2025

Title

Уязвимость файловым дескриптором eventfd библиотеки libcurl, позволяющая нарушителю выполнить произвольный код или раскрыть защищаемую информацию

Description

Уязвимость файловым дескриптором eventfd библиотеки libcurl связана с несколькими выпусками одного и того же ресурса или дескриптора. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код или раскрыть защищаемую информацию

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

ООО «Ред Софт», АО «ИВК», ООО «Юбитех», Daniel Stenberg

Software Name

РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), UBLinux (запись в едином реестре российских программ №6874), Libcurl

Software Version

7.3 (РЕД ОС), - (Альт 8 СП), до 2405 (UBLinux), от 8.11.1 до 8.12.0 (Libcurl)

Possible Mitigations

Использование рекомендаций: https://curl.se/docs/CVE-2025-0665.html Для РЕД ОС: https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-curl-cve-2025-0665-cve-2025-0725/?sphrase_id=756849 Для UBLinux: https://security.ublinux.ru/CVE-2025-0665 Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства:https://altsp.su/obnovleniya-bezopasnosti/

Reference

https://hackerone.com/reports/2954286 https://curl.se/docs/CVE-2025-0665.html https://redos.red-soft.ru/support/secure/uyazvimosti/mnozhestvennye-uyazvimosti-curl-cve-2025-0665-cve-2025-0725/?sphrase_id=756849 https://security.ublinux.ru/CVE-2025-0665 https://altsp.su/obnovleniya-bezopasnosti/

CWE

CWE-1341