Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN301 _____________________________________________________________________ DATE : 13/03/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Tanzu for Valkey products. ===================================================================== https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37182 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37183 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37184 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37185 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37186 _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey 9.0.3 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite VMware Tanzu for Valkey Notification Id 37182 Last Updated 11 March 2026 Initial Publication Date 11 March 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0163 Severity: Critical Issue Date: 2026-03-10 Updated on: Synopsis One critical & maney high vulnerabilities were found in Valkey 9.0.2, which is addressed in Valkey 9.0.3 Product Version Release Advisory VMware Tanzu for Valkey https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/9-0/tanzu-valkey-docs/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey 9.0.2, fixed in Valkey 9.0.3 CVE-2025-68121 (critical) CVE-2025-61732 (high) CVE-2025-4674 (high) CVE-2025-61731 (high) CVE-2025-61729 (high) CVE-2025-61726 (high) CVE-2025-58187 (high) CVE-2025-58188 (high) CVE-2025-61723 (high) CVE-2025-61725 (high) CVE-2025-47907 (high) CVE-2025-68119 (high) CVE-2025-61727 (medium) CVE-2025-61728 (medium) CVE-2025-47906 (medium) CVE-2025-47912 (medium) GHSA-j5w8-q4qc-rx2x (medium) CVE-2025-58186 (medium) CVE-2025-61724 (medium) CVE-2025-61730 (medium) GHSA-f6x5-jh6r-wrfv (medium) CVE-2025-58189 (medium) CVE-2025-58185 (medium) CVE-2025-58183 (medium) History 2026-03-10: Initial vulnerability report published. Contact E-mail: [email protected] VMware Tanzu Security Advisories: https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey 8.1.6 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite VMware Tanzu for Valkey Notification Id 37183 Last Updated 11 March 2026 Initial Publication Date 11 March 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0164 Severity: Critical Issue Date: 2026-03-10 Updated on: Synopsis One critical & few high vulnerabilities were found in Valkey 8.1.5, which is addressed in Valkey 8.1.6 Product Version Release Advisory VMware Tanzu for Valkey https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-1/tanzu-valkey-docs/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey 8.1.5, fixed in Valkey 8.1.6 CVE-2025-68121 (critical) CVE-2025-61732 (high) CVE-2025-4674 (high) CVE-2025-61731 (high) CVE-2025-58187 (high) CVE-2025-61723 (high) CVE-2025-58188 (high) CVE-2025-61725 (high) CVE-2025-61729 (high) CVE-2025-61726 (high) CVE-2025-68119 (high) CVE-2025-47907 (high) CVE-2025-61727 (medium) CVE-2025-61728 (medium) CVE-2025-47906 (medium) CVE-2025-61730 (medium) GHSA-f6x5-jh6r-wrfv (medium) CVE-2025-58186 (medium) GHSA-j5w8-q4qc-rx2x (medium) CVE-2025-61724 (medium) CVE-2025-58189 (medium) CVE-2025-58185 (medium) CVE-2025-47912 (medium) CVE-2025-58183 (medium) History 2026-03-10: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories: https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey 8.0.7 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite VMware Tanzu for Valkey Notification Id 37184 Last Updated 11 March 2026 Initial Publication Date 11 March 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0165 Severity: Critical Issue Date: 2026-03-10 Updated on: Synopsis One critical and few high vulnerabilities were found in Valkey 8.0.6, which is addressed in Valkey 8.0.7 Product Version Release Advisory VMware Tanzu for Valkey https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-0/tanzu-valkey-docs/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey 8.0.6, fixed in Valkey 8.0.7 CVE-2025-68121 (critical) CVE-2025-4674 (high) CVE-2025-61732 (high) CVE-2025-61731 (high) CVE-2025-58187 (high) CVE-2025-58188 (high) CVE-2025-61723 (high) CVE-2025-61725 (high) CVE-2025-61729 (high) CVE-2025-61726 (high) CVE-2025-47907 (high) CVE-2025-68119 (high) CVE-2025-47906 (medium) CVE-2025-61728 (medium) CVE-2025-61727 (medium) GHSA-f6x5-jh6r-wrfv (medium) CVE-2025-61730 (medium) CVE-2025-58189 (medium) CVE-2025-47912 (medium) CVE-2025-58185 (medium) GHSA-j5w8-q4qc-rx2x (medium) CVE-2025-58186 (medium) CVE-2025-61724 (medium) CVE-2025-58183 (medium) History 2026-03-10: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories: https://tanzu.vmware.com/security _____________________________________________________________________ Product Release Advisory - VMware Tanzu for Valkey 8.0.7 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite VMware Tanzu for Valkey Notification Id 37184 Last Updated 11 March 2026 Initial Publication Date 11 March 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0165 Severity: Critical Issue Date: 2026-03-10 Updated on: Synopsis One critical and few high vulnerabilities were found in Valkey 8.0.6, which is addressed in Valkey 8.0.7 Product Version Release Advisory VMware Tanzu for Valkey https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-valkey/8-0/tanzu-valkey-docs/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey 8.0.6, fixed in Valkey 8.0.7 CVE-2025-68121 (critical) CVE-2025-4674 (high) CVE-2025-61732 (high) CVE-2025-61731 (high) CVE-2025-58187 (high) CVE-2025-58188 (high) CVE-2025-61723 (high) CVE-2025-61725 (high) CVE-2025-61729 (high) CVE-2025-61726 (high) CVE-2025-47907 (high) CVE-2025-68119 (high) CVE-2025-47906 (medium) CVE-2025-61728 (medium) CVE-2025-61727 (medium) GHSA-f6x5-jh6r-wrfv (medium) CVE-2025-61730 (medium) CVE-2025-58189 (medium) CVE-2025-47912 (medium) CVE-2025-58185 (medium) GHSA-j5w8-q4qc-rx2x (medium) CVE-2025-58186 (medium) CVE-2025-61724 (medium) CVE-2025-58183 (medium) History 2026-03-10: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories: https://tanzu.vmware.com/security _____________________________________________________________________ VMware Tanzu for Valkey on Kubernetes 3.3.3 Product/Component VMware Tanzu Data Intelligence VMware Tanzu Data Services VMware Tanzu Data Services Solutions VMware Tanzu Data Suite VMware Tanzu for Valkey VMware Tanzu Platform Vmware Tanzu Platform - SM Notification Id 37186 Last Updated 11 March 2026 Initial Publication Date 11 March 2026 Status CLOSED Severity CRITICAL CVSS Base Score 10.0 WorkAround Affected CVE Product Release Advisory Advisory ID: TNZ-2026-0167 Severity: Critical Issue Date: 2026-03-10 Updated on: Synopsis One critical & many high vulnerabilities were found in Tanzu for Valkey on Kubernetes 3.3.2, which is addressed in Tanzu for Valkey on Kubernetes 3.3.3 Product Version Release Advisory VMware Tanzu for Valkey on Kubernetes https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-valkey-on-kubernetes/3-3/valkey-on-kubernetes/release-notes.html Security Fixes This release has the following security fixes, listed by component and area. Component Vulnerabilities Resolved Valkey Operator 3.3.2, fixed in Valkey Operator 3.3.3 CVE-2025-68121 (critical) CVE-2025-61732 (high) CVE-2026-0861 (high) CVE-2023-2953 (high) CVE-2026-26960 (high) CVE-2005-2541 (high) CVE-2026-22185 (medium) CVE-2025-5915 (medium) CVE-2023-50495 (medium) CVE-2025-14512 (medium) CVE-2026-1757 (medium) CVE-2022-3219 (medium) CVE-2023-32636 (medium) CVE-2023-4156 (medium) CVE-2025-68972 (medium) CVE-2024-11053 (medium) GHSA-gx3x-vq4p-mhhv (medium) CVE-2025-15281 (medium) CVE-2024-41996 (medium) CVE-2023-45322 (medium) CVE-2025-13151 (medium) CVE-2026-0990 (medium) CVE-2025-14087 (medium) CVE-2025-60753 (medium) CVE-2022-27943 (medium) CVE-2024-34459 (medium) CVE-2026-1489 (medium) CVE-2026-0915 (medium) CVE-2022-41409 (medium) CVE-2024-7264 (medium) CVE-2023-30571 (medium) CVE-2025-14831 (medium) CVE-2026-2100 (medium) CVE-2025-14017 (medium) CVE-2024-13176 (medium) CVE-2024-0232 (medium) CVE-2025-64118 (medium) CVE-2025-5278 (medium) CVE-2026-1484 (medium) CVE-2025-9820 (medium) CVE-2024-9681 (low) CVE-2025-5916 (low) CVE-2025-5918 (low) CVE-2026-0989 (low) CVE-2025-3360 (low) CVE-2026-24883 (low) CVE-2026-0988 (low) CVE-2025-7039 (low) CVE-2025-1632 (low) CVE-2023-39804 (low) CVE-2025-9232 (low) CVE-2025-27113 (low) CVE-2026-27171 (low) GHSA-q9hv-hpm4-hj6x (low) CVE-2026-0992 (low) CVE-2025-5917 (low) CVE-2026-1485 (low) CVE-2025-30258 (low) CVE-2025-6170 (low) CVE-2025-62813 (unknown) History 2026-03-10: Initial vulnerability report published. Contact E-mail: tanzu.psirt@broadcom.com VMware Tanzu Security Advisories: https://tanzu.vmware.com/security ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================