CERTFR-2025-ACT-015 News Bulletin (CERT-FR)

This summary covers a list of vulnerabilities associated with various software and hardware products from multiple companies, along with their CVE identifiers, severity scores, and related documentation.

VMware Greenplum Vulnerabilities

  1. CVE-2018-1282 (Severity: 9.1) – Related to a security policy omission, with no further information available as of April 7, 2025. Reference: Broadcom Support.

  2. CVE-2022-42967 (Severity: 9.6) – This vulnerability allows for the execution of arbitrary code remotely and includes an indirect code injection vulnerability (XSS).

  3. CVE-2023-37920 & CVE-2023-39320 (Severity: 9.8 each) – Both vulnerabilities are noted as "less recognized" and involve remote code execution.

  4. CVE-2024-24790 (Severity: 9.8) – Another policy omission issue, slated for further review on April 10, 2025.

  5. CVE-2024-47561 (Severity: 9.2) – This vulnerability is linked with remote code execution.

  6. CVE-2024-50379 (Severity: 9.8) – Also involves remote code execution.

Additional vulnerabilities relate to XSS and security policy omissions across different versions of Greenplum and require further investigation.

IBM Vulnerabilities

  1. CVE-2020-36242 (Severity: 9.1) – An unspecified vulnerability recognized on April 10, 2025. Reference: IBM Support.

  2. CVE-2024-24790 (Severity: 9.8) – Related to a security policy omission.

  3. CVE-2023-3961 (Severity: 9.8) – Involves a denial of service from a remote location.

  4. CVE-2024-5535 (Severity: 9.1) – Compromises data confidentiality.

  5. CVE-2025-30016 (Severity: 9.8) – Includes security policy bypass and elevation of privileges.

  6. CVE-2025-31330 (Severity: 9.9) – Attributed to remote code execution.

Juniper Networks Vulnerability

  • CVE-2024-35845 (Severity: 9.1) – Noted as less recognized with more details to follow.

Ubuntu Vulnerabilities

  1. CVE-2024-35960 (Severity: 9.1) – Details a remote denial of service.

  2. CVE-2024-53197 (Severity: 7.8) – Involves privilege escalation and was reported as exploited.

Other Notable Vendors

  • Adobe ColdFusion: Multiple vulnerabilities (CVE-2025-24446, CVE-2025-24447, CVE-2025-30281, CVE-2025-30282) with severity scores of 9.1, mainly related to remote code execution and data confidentiality damage.

  • Microsoft Windows: CVE-2025-29824 (Severity: 7.8) relates to elevation of privileges and is marked as exploited.

  • Fortinet FortiSwitch: CVE-2024-48887 (Severity: 9.8) involves policy omission.

  • SAVIA (multiple instances): Vulnerabilities noted include remote code execution (CVE-2025-30016, CVE-2025-31330) with severity scores ranging from 9.8 to 9.9.

Summary

The listed vulnerabilities span a range of products from different vendors, with severity scores often exceeding 7, indicating significant risks. Common themes include remote code execution, denial of service, security policy omissions, and privilege escalations. Consulting the referenced vendor advisories is critical for remediation and for understanding the scope of these vulnerabilities. As the dates for additional information approach, ongoing monitoring of each vendor's security advisories will be essential for maintaining cybersecurity standards.
