Vulnerability-Lookup

CVE-2016-2176 (GCVE-0-2016-2176)

Vulnerability from cvelistv5 – Published: 2016-05-05 00:00 – Updated: 2024-08-05 23:17

Summary

The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

23 references

URL	Tags
http://www.slackware.com/security/viewer.php?l=sl…	vendor-advisory
http://www.oracle.com/technetwork/security-adviso…
https://h20566.www2.hpe.com/hpsc/doc/public/displ…
https://git.openssl.org/?p=openssl.git%3Ba=commit…
http://packetstormsecurity.com/files/136912/Slack…
http://www.oracle.com/technetwork/security-adviso…
https://kc.mcafee.com/corporate/index?page=conten…
https://security.gentoo.org/glsa/201612-16	vendor-advisory
http://www.securitytracker.com/id/1035721	vdb-entry
http://tools.cisco.com/security/center/content/Ci…	vendor-advisory
http://www.oracle.com/technetwork/security-adviso…
https://h20566.www2.hpe.com/hpsc/doc/public/displ…
http://www.oracle.com/technetwork/topics/security…
http://www.securityfocus.com/bid/89746	vdb-entry
http://lists.apple.com/archives/security-announce…	vendor-advisory
https://www.tenable.com/security/tns-2016-18
https://kb.pulsesecure.net/articles/Pulse_Securit…
https://security.netapp.com/advisory/ntap-2016050…
http://www.securityfocus.com/bid/91787	vdb-entry
https://www.openssl.org/news/secadv/20160503.txt
https://support.apple.com/HT206903
https://bto.bluecoat.com/security-advisory/sa123
https://cert-portal.siemens.com/productcert/pdf/s…

Date Public ?

2016-05-03 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T23:17:50.757Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSA:2016-124-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
          },
          {
            "name": "GLSA-201612-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-16"
          },
          {
            "name": "1035721",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035721"
          },
          {
            "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
          },
          {
            "name": "89746",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/89746"
          },
          {
            "name": "APPLE-SA-2016-07-18-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2016-18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
          },
          {
            "name": "91787",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20160503.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/HT206903"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa123"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "SSA:2016-124-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us"
        },
        {
          "url": "https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561"
        },
        {
          "url": "http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160"
        },
        {
          "name": "GLSA-201612-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201612-16"
        },
        {
          "name": "1035721",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1035721"
        },
        {
          "name": "20160504 Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: May 2016",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us"
        },
        {
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
        },
        {
          "name": "89746",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/89746"
        },
        {
          "name": "APPLE-SA-2016-07-18-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2016-18"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20160504-0001/"
        },
        {
          "name": "91787",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/91787"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20160503.txt"
        },
        {
          "url": "https://support.apple.com/HT206903"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa123"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2016-2176",
    "datePublished": "2016-05-05T00:00:00.000Z",
    "dateReserved": "2016-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T23:17:50.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2016-2176",
      "date": "2026-05-19",
      "epss": "0.07788",
      "percentile": "0.92049"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.1s\", \"matchCriteriaId\": \"C1F608A0-78BE-4F17-9E41-70933E52B3C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"18797BEE-417D-4959-9AAD-C5A7C051B524\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"6455A421-9956-4846-AC7C-3431E0D37D23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60F946FD-F564-49DA-B043-5943308BA9EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4C986592-4086-4A39-9767-EF34DBAA6A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94D9EC1C-4843-4026-9B05-E060E9391734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n X509_NAME_oneline en crypto/x509/x509_obj.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos obtener informaci\\u00f3n sensible de la pila de memoria de proceso o provocar una denegaci\\u00f3n de servicio (sobrelectura de buffer) a trav\\u00e9s de datos EBCDIC ASN.1 manipulados.\"}]",
      "id": "CVE-2016-2176",
      "lastModified": "2024-11-21T02:47:57.720",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\", \"baseScore\": 8.2, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 4.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:P\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2016-05-05T01:59:06.340",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/89746\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1035721\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa123\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-16\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160504-0001/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/HT206903\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.openssl.org/news/secadv/20160503.txt\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-18\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/89746\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/91787\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1035721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa123\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-16\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20160504-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/HT206903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.openssl.org/news/secadv/20160503.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.tenable.com/security/tns-2016-18\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-2176\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2016-05-05T01:59:06.340\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to obtain sensitive information from process stack memory or cause a denial of service (buffer over-read) via crafted EBCDIC ASN.1 data.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n X509_NAME_oneline en crypto/x509/x509_obj.c en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h permite a atacantes remotos obtener informaci\u00f3n sensible de la pila de memoria de proceso o provocar una denegaci\u00f3n de servicio (sobrelectura de buffer) a trav\u00e9s de datos EBCDIC ASN.1 manipulados.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\",\"baseScore\":8.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":4.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:P\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.1s\",\"matchCriteriaId\":\"C1F608A0-78BE-4F17-9E41-70933E52B3C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3E5C1B-EC63-4214-A0BD-0B8681CE6C8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"18797BEE-417D-4959-9AAD-C5A7C051B524\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAA3C31-BD9D-45A9-A502-837FECA6D479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"6455A421-9956-4846-AC7C-3431E0D37D23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60F946FD-F564-49DA-B043-5943308BA9EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4847BCF3-EFCE-41AF-8E7D-3D51EB9DCC5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B89180B-FB68-4DD8-B076-16E51CC7FB91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C986592-4086-4A39-9767-EF34DBAA6A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2e:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B23181C-03DB-4E92-B3F6-6B585B5231B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2f:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94D9EC1C-4843-4026-9B05-E060E9391734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:1.0.2g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B066401C-21CF-4BE9-9C55-C9F1E0C7BE3F\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/89746\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/91787\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1035721\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa123\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201612-16\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20160504-0001/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/HT206903\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.openssl.org/news/secadv/20160503.txt\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-18\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://packetstormsecurity.com/files/136912/Slackware-Security-Advisory-openssl-Updates.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/89746\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/91787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1035721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2016\u0026m=slackware-security.542103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/?p=openssl.git%3Ba=commit%3Bh=2919516136a4227d9e6d8f2fe66ef976aaf8c561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03756en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03765en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201612-16\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20160504-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT206903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.openssl.org/news/secadv/20160503.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.tenable.com/security/tns-2016-18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2016-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 1.0.1x antérieures à 1.0.1t
	OpenSSL	OpenSSL	OpenSSL versions 1.0.2x antérieures à 1.0.2h

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 03 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 1.0.1x ant\u00e9rieures \u00e0 1.0.1t",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.2x ant\u00e9rieures \u00e0 1.0.2h",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 03 mai 2016",
      "url": "https://www.openssl.org/news/secadv/20160503.txt"
    }
  ]
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

CERTFR-2017-AVI-122

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	Oracle MySQL Cluster versions 7.2.27 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 3.12.3 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 5.1.41 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.4.14 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.2.1182 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 4.0.3 et antérieures
Oracle	MySQL	Oracle MySQL Workbench versions 6.3.8 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.6.35 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.7.17 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 2.1.5 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.5.5 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.5.54 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.3.16 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	-	other
Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle MySQL Cluster versions 7.2.27 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 3.12.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 5.1.41 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.4.14 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.2.1182 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 4.0.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Workbench versions 6.3.8 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.6.35 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.7.17 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 2.1.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.5.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.5.54 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.3.16 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3458"
    },
    {
      "name": "CVE-2017-3462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3462"
    },
    {
      "name": "CVE-2017-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3467"
    },
    {
      "name": "CVE-2017-3306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3306"
    },
    {
      "name": "CVE-2017-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3456"
    },
    {
      "name": "CVE-2016-3092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
    },
    {
      "name": "CVE-2017-3468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3468"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2017-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3600"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2017-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3460"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2017-3307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3307"
    },
    {
      "name": "CVE-2017-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3453"
    },
    {
      "name": "CVE-2017-3469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3469"
    },
    {
      "name": "CVE-2017-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3590"
    },
    {
      "name": "CVE-2017-3308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3308"
    },
    {
      "name": "CVE-2017-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3599"
    },
    {
      "name": "CVE-2017-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3586"
    },
    {
      "name": "CVE-2017-3463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3463"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3461"
    },
    {
      "name": "CVE-2017-3455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3455"
    },
    {
      "name": "CVE-2017-3302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3302"
    },
    {
      "name": "CVE-2017-3454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3454"
    },
    {
      "name": "CVE-2017-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3450"
    },
    {
      "name": "CVE-2017-3457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3457"
    },
    {
      "name": "CVE-2017-3465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3465"
    },
    {
      "name": "CVE-2017-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3589"
    },
    {
      "name": "CVE-2017-3452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3452"
    },
    {
      "name": "CVE-2017-3331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3331"
    },
    {
      "name": "CVE-2017-3464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3464"
    },
    {
      "name": "CVE-2017-3304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3304"
    },
    {
      "name": "CVE-2017-5638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5638"
    },
    {
      "name": "CVE-2017-3305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3305"
    },
    {
      "name": "CVE-2017-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3329"
    },
    {
      "name": "CVE-2017-3309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3309"
    },
    {
      "name": "CVE-2017-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3459"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril    2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18    avril 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html#MSQL"
    }
  ],
  "reference": "CERTFR-2017-AVI-122",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle MySQL\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril 2017",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-1094

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	PLM Help Server V4.2 toutes versions
Siemens	N/A	SINAMICS Startdrive versions antérieures à V16 Update 3
Siemens	N/A	SCALANCE X-200RNA toutes versions
Siemens	N/A	Parasolid versions V33.1.x antérieures à V33.1.264
Siemens	N/A	Parasolid versions V34.0.x antérieures à V34.0.252
Siemens	N/A	Polarion ALM toutes versions
Siemens	N/A	SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2
Siemens	N/A	APOGEE PXC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html
Siemens	N/A	SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3
Siemens	N/A	SINAMICS STARTER versions antérieures à V5.4 HF2
Siemens	N/A	SIMATIC NET PC Software V16 versions antérieures à V16 Upd3
Siemens	N/A	Calibre ICE versions supérieures ou égales à V2022.4
Siemens	N/A	SINUMERIK Operate versions antérieures à V6.14
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP2
Siemens	N/A	SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035
Siemens	N/A	SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13
Siemens	N/A	SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003
Siemens	N/A	Teamcenter Visualization V14.1.x antérieures à V14.1.0.6
Siemens	N/A	SICAM PAS/PQS versions antérieures à 7.0
Siemens	N/A	Mcenter versions supérieures ou égales à V5.2.1.0
Siemens	N/A	SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5
Siemens	N/A	SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014
Siemens	N/A	SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SINEMA Server versions antérieures à V14 SP3
Siemens	N/A	APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20
Siemens	N/A	SINUMERIK ONE virtual versions antérieures à V6.14
Siemens	N/A	Teamcenter Visualization V14.0.x
Siemens	N/A	SICAM PAS/PQS versions 8.x antérieures à 8.06
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions
Siemens	N/A	Teamcenter Visualization V13.2.x antérieures à V13.2.0.12
Siemens	N/A	RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html
Siemens	N/A	Parasolid versions V34.1.x antérieures à V34.1.242
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5
Siemens	N/A	Parasolid versions V35.0.x antérieures à V35.0.170
Siemens	N/A	Mendix Email Connector versions antérieures à 2.0.0
Siemens	N/A	SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14
Siemens	N/A	Mendix Workflow Commons versions antérieures à 2.4.0
Siemens	N/A	SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14
Siemens	N/A	SIMATIC WinCC OA versions V3.15.x
Siemens	N/A	SIMATIC Automation Tool versions antérieures à V4 SP2
Siemens	N/A	Teamcenter Visualization V13.3.x
Siemens	N/A	SIMATIC Drive Controller family versions antérieures à V3.0.1
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0
Siemens	N/A	SIMATIC ProSave versions antérieures à V17
Siemens	N/A	SIMATIC PCS neo versions antérieures à V3.0 SP1
Siemens	N/A	Simcenter STAR-CCM+ toutes versions
Siemens	N/A	TALON TC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à V21.8
Siemens	N/A	SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2
Siemens	N/A	SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html
Siemens	N/A	JT2Go toutes versions
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens

2022-12-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PLM Help Server V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200RNA toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.15.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2021-40365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
    },
    {
      "name": "CVE-2022-41279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
    },
    {
      "name": "CVE-2022-46353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2019-6110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
    },
    {
      "name": "CVE-2022-46352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2022-46351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2003-1562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2022-41280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2019-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2022-41283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
    },
    {
      "name": "CVE-2022-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
    },
    {
      "name": "CVE-2016-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
    },
    {
      "name": "CVE-2022-45044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
    },
    {
      "name": "CVE-2018-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
    },
    {
      "name": "CVE-2022-44731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
    },
    {
      "name": "CVE-2022-46355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2022-41288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2016-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
    },
    {
      "name": "CVE-2022-43517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
    },
    {
      "name": "CVE-2016-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2022-3160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
    },
    {
      "name": "CVE-2016-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
    },
    {
      "name": "CVE-2016-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2022-41282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2022-46350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
    },
    {
      "name": "CVE-2022-46142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2016-6304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2022-46140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
    },
    {
      "name": "CVE-2016-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2019-16905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2016-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
    },
    {
      "name": "CVE-2019-6111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
    },
    {
      "name": "CVE-2016-8858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2022-41281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2020-7580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2022-34821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
    },
    {
      "name": "CVE-2016-6308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
    },
    {
      "name": "CVE-2021-44694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
    },
    {
      "name": "CVE-2016-6306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
    },
    {
      "name": "CVE-2017-15906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
    },
    {
      "name": "CVE-2021-44695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
    },
    {
      "name": "CVE-2022-3161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
    },
    {
      "name": "CVE-2016-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
    },
    {
      "name": "CVE-2022-45936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
    },
    {
      "name": "CVE-2022-46265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2022-43723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
    },
    {
      "name": "CVE-2018-15473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2022-45484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2003-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
    },
    {
      "name": "CVE-2018-20685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
    },
    {
      "name": "CVE-2016-6305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2022-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
    },
    {
      "name": "CVE-2022-41286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
    },
    {
      "name": "CVE-2016-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
    },
    {
      "name": "CVE-2022-41278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2022-41287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
    },
    {
      "name": "CVE-2022-45937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
    },
    {
      "name": "CVE-2022-46354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
    },
    {
      "name": "CVE-2022-43724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
    },
    {
      "name": "CVE-2022-43722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
    },
    {
      "name": "CVE-2016-6210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2022-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
    },
    {
      "name": "CVE-2016-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2016-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
    },
    {
      "name": "CVE-2021-44693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2016-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2015-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2022-44575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
    },
    {
      "name": "CVE-2022-41285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
    },
    {
      "name": "CVE-2022-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2018-4848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-1094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2022-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
    }
  ]
}

CERTFR-2016-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 1.0.1x antérieures à 1.0.1t
	OpenSSL	OpenSSL	OpenSSL versions 1.0.2x antérieures à 1.0.2h

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 03 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 1.0.1x ant\u00e9rieures \u00e0 1.0.1t",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.2x ant\u00e9rieures \u00e0 1.0.2h",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 03 mai 2016",
      "url": "https://www.openssl.org/news/secadv/20160503.txt"
    }
  ]
}

CERTFR-2016-AVI-153

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Cisco WebEx Meetings Server version 2.6
Cisco	N/A	Cisco Prime Collaboration Assurance Software versions 10.5 à 11.0
Cisco	N/A	Cisco Finesse
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 6.0.x antérieures à 6.0.1
Cisco	N/A	Cisco APIC-EM version 1.0(1)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x antérieures à 5.3.1.7
Cisco	N/A	Cisco FirePOWER versions 5.3.x antérieures à 5.3.0.7
Cisco	N/A	Voir sur le site du constructeur pour les systèmes affectés par les vulnérabilités du Network Time Protocol Daemon (cf. section Documentation)
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x antérieures à 5.4.1.6
Cisco	N/A	Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x antérieures à 5.4.0.7
Cisco	N/A	Cisco Information Server version 6.2
Cisco	N/A	Cisco FirePOWER versions 5.4.x antérieures à 5.4.0.4
Cisco	N/A	Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical exécutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 03 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160428-ntpd du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-tpxml du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-apic du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cis du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160428-cwms du 28 avril 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-finesse du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-openssl du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-fpkern du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160504-firepower du 04 mai 2016	-	other
Bulletin de sécurité Cisco cisco-sa-20160503-pca du 04 mai 2016	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco WebEx Meetings Server version 2.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Assurance Software versions 10.5 \u00e0 11.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 6.0.x ant\u00e9rieures \u00e0 6.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco APIC-EM version 1.0(1)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.3.1.x ant\u00e9rieures \u00e0 5.3.1.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.3.x ant\u00e9rieures \u00e0 5.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Voir sur le site du constructeur pour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s du Network Time Protocol Daemon (cf. section Documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.1.x ant\u00e9rieures \u00e0 5.4.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco ASA 5585-X FirePOWER SSP versions 5.4.0.x ant\u00e9rieures \u00e0 5.4.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Information Server version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco FirePOWER versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco TelePresence EX Series, Integrator C Series, MX Series, Profile Series, SX Series, SX Quick Set Series, VX Clinical Assistant et VX Tactical ex\u00e9cutant les versions suivantes : TC 7.2.0, TC 7.2.1, TC 7.3.0, TC 7.3.1, TC 7.3.2, TC 7.3.3, TC 7.3.4, TC 7.3.5, CE 8.0.0, CE 8.0.1, ou CE 8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1547"
    },
    {
      "name": "CVE-2016-1387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1387"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-1550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1550"
    },
    {
      "name": "CVE-2016-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1343"
    },
    {
      "name": "CVE-2016-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1549"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-1368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1368"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1551"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-1373",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1373"
    },
    {
      "name": "CVE-2016-1392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1392"
    },
    {
      "name": "CVE-2016-2516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
    },
    {
      "name": "CVE-2016-2518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2518"
    },
    {
      "name": "CVE-2016-2519",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2519"
    },
    {
      "name": "CVE-2016-1369",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1369"
    },
    {
      "name": "CVE-2015-7704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7704"
    },
    {
      "name": "CVE-2016-2517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2517"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-1386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1386"
    },
    {
      "name": "CVE-2016-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1389"
    },
    {
      "name": "CVE-2016-1548",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1548"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-ntpd"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-apic"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cis"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28    avril 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160428-cwms"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-openssl"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04    mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-fpkern"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du    04 mai 2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-firepower"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 04 mai    2016",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160503-pca"
    }
  ],
  "reference": "CERTFR-2016-AVI-153",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-apic du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cwms du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-cis du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-openssl du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-firepower du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-fpkern du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-finesse du 04 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160428-ntpd du 28 avril 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160503-pca du 03 mai 2016",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20160504-tpxml du 04 mai 2016",
      "url": null
    }
  ]
}

CERTFR-2016-AVI-239

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	Apple tvOS versions antérieures à 9.2.2
Apple	N/A	Apple iTunes pour Windows versions antérieures à 12.4.2
Apple	N/A	Apple iCloud pour Windows versions antérieures à 5.2.1
Apple	Safari	Apple Safari versions antérieures à 9.1.2
Apple	N/A	Apple watchOS versions antérieures à 2.2.2
Apple	N/A	Apple OS X El Capitan versions antérieures à 10.11.6 et sans la mise à jour de sécurité 2016-004
Apple	N/A	Apple iOS versions antérieures à 9.3.3

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT206902 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206905 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206903 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206901 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206904 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206899 du 18 juillet 2016	None	vendor-advisory
Bulletin de sécurité Apple HT206900 du 18 juillet 2016	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple tvOS versions ant\u00e9rieures \u00e0 9.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iTunes pour Windows versions ant\u00e9rieures \u00e0 12.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iCloud pour Windows versions ant\u00e9rieures \u00e0 5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Safari versions ant\u00e9rieures \u00e0 9.1.2",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple watchOS versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple OS X El Capitan versions ant\u00e9rieures \u00e0 10.11.6 et sans la mise \u00e0 jour de s\u00e9curit\u00e9 2016-004",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple iOS versions ant\u00e9rieures \u00e0 9.3.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-4650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4650"
    },
    {
      "name": "CVE-2016-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1865"
    },
    {
      "name": "CVE-2016-4584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4584"
    },
    {
      "name": "CVE-2016-4645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4645"
    },
    {
      "name": "CVE-2016-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
    },
    {
      "name": "CVE-2016-4648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4648"
    },
    {
      "name": "CVE-2016-4629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4629"
    },
    {
      "name": "CVE-2016-4601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4601"
    },
    {
      "name": "CVE-2016-4600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4600"
    },
    {
      "name": "CVE-2016-4646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4646"
    },
    {
      "name": "CVE-2016-4623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4623"
    },
    {
      "name": "CVE-2016-4582",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4582"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2016-4595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4595"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2016-4614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4614"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-4589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4589"
    },
    {
      "name": "CVE-2016-4627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4627"
    },
    {
      "name": "CVE-2016-1863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1863"
    },
    {
      "name": "CVE-2016-4631",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4631"
    },
    {
      "name": "CVE-2016-4615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4615"
    },
    {
      "name": "CVE-2016-4632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4632"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2016-4598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4598"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2016-4649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4649"
    },
    {
      "name": "CVE-2016-4621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4621"
    },
    {
      "name": "CVE-2016-4592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4592"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2016-4624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4624"
    },
    {
      "name": "CVE-2016-4634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4634"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2016-4619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4619"
    },
    {
      "name": "CVE-2016-4596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4596"
    },
    {
      "name": "CVE-2016-4588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4588"
    },
    {
      "name": "CVE-2016-4610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
    },
    {
      "name": "CVE-2016-4637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4637"
    },
    {
      "name": "CVE-2016-4597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4597"
    },
    {
      "name": "CVE-2016-4599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4599"
    },
    {
      "name": "CVE-2016-4633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4633"
    },
    {
      "name": "CVE-2016-4612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
    },
    {
      "name": "CVE-2016-4605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4605"
    },
    {
      "name": "CVE-2016-4587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4587"
    },
    {
      "name": "CVE-2016-4602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4602"
    },
    {
      "name": "CVE-2016-4652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4652"
    },
    {
      "name": "CVE-2016-4586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4586"
    },
    {
      "name": "CVE-2016-4607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
    },
    {
      "name": "CVE-2016-4594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4594"
    },
    {
      "name": "CVE-2016-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1864"
    },
    {
      "name": "CVE-2016-4641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4641"
    },
    {
      "name": "CVE-2016-4647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4647"
    },
    {
      "name": "CVE-2016-4583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4583"
    },
    {
      "name": "CVE-2014-9862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9862"
    },
    {
      "name": "CVE-2016-4625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4625"
    },
    {
      "name": "CVE-2016-4616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4616"
    },
    {
      "name": "CVE-2016-4590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4590"
    },
    {
      "name": "CVE-2016-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4640"
    },
    {
      "name": "CVE-2016-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4603"
    },
    {
      "name": "CVE-2016-4585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4585"
    },
    {
      "name": "CVE-2016-4593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4593"
    },
    {
      "name": "CVE-2016-4635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4635"
    },
    {
      "name": "CVE-2016-4608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
    },
    {
      "name": "CVE-2016-4638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4638"
    },
    {
      "name": "CVE-2016-4639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4639"
    },
    {
      "name": "CVE-2016-4591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4591"
    },
    {
      "name": "CVE-2016-4630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4630"
    },
    {
      "name": "CVE-2016-4604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4604"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2016-4622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4622"
    },
    {
      "name": "CVE-2016-4628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4628"
    },
    {
      "name": "CVE-2016-4626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4626"
    },
    {
      "name": "CVE-2016-4651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4651"
    },
    {
      "name": "CVE-2016-4483",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4483"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-239",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Apple\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206902 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206902"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206905 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206905"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206903 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206903"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206901 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206901"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206904 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206904"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206899 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206899"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT206900 du 18 juillet 2016",
      "url": "https://support.apple.com/en-us/HT206900"
    }
  ]
}

CERTFR-2017-AVI-122

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	Oracle MySQL Cluster versions 7.2.27 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 3.12.3 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 5.1.41 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.4.14 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.2.1182 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 4.0.3 et antérieures
Oracle	MySQL	Oracle MySQL Workbench versions 6.3.8 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.6.35 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.7.17 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 2.1.5 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.5.5 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.5.54 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.3.16 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	-	other
Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle MySQL Cluster versions 7.2.27 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 3.12.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 5.1.41 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.4.14 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.2.1182 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 4.0.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Workbench versions 6.3.8 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.6.35 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.7.17 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 2.1.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.5.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.5.54 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.3.16 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3458"
    },
    {
      "name": "CVE-2017-3462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3462"
    },
    {
      "name": "CVE-2017-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3467"
    },
    {
      "name": "CVE-2017-3306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3306"
    },
    {
      "name": "CVE-2017-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3456"
    },
    {
      "name": "CVE-2016-3092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
    },
    {
      "name": "CVE-2017-3468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3468"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2017-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3600"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2017-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3460"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2017-3307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3307"
    },
    {
      "name": "CVE-2017-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3453"
    },
    {
      "name": "CVE-2017-3469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3469"
    },
    {
      "name": "CVE-2017-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3590"
    },
    {
      "name": "CVE-2017-3308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3308"
    },
    {
      "name": "CVE-2017-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3599"
    },
    {
      "name": "CVE-2017-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3586"
    },
    {
      "name": "CVE-2017-3463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3463"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3461"
    },
    {
      "name": "CVE-2017-3455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3455"
    },
    {
      "name": "CVE-2017-3302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3302"
    },
    {
      "name": "CVE-2017-3454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3454"
    },
    {
      "name": "CVE-2017-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3450"
    },
    {
      "name": "CVE-2017-3457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3457"
    },
    {
      "name": "CVE-2017-3465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3465"
    },
    {
      "name": "CVE-2017-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3589"
    },
    {
      "name": "CVE-2017-3452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3452"
    },
    {
      "name": "CVE-2017-3331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3331"
    },
    {
      "name": "CVE-2017-3464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3464"
    },
    {
      "name": "CVE-2017-3304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3304"
    },
    {
      "name": "CVE-2017-5638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5638"
    },
    {
      "name": "CVE-2017-3305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3305"
    },
    {
      "name": "CVE-2017-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3329"
    },
    {
      "name": "CVE-2017-3309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3309"
    },
    {
      "name": "CVE-2017-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3459"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril    2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18    avril 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html#MSQL"
    }
  ],
  "reference": "CERTFR-2017-AVI-122",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle MySQL\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril 2017",
      "url": null
    }
  ]
}

BDU:2020-02964

Vulnerability from fstec - Published: 04.05.2016

Title

Уязвимость функции X509_NAME_oneline (crypto/x509/x509_obj.c) библиотеки OpenSSL, позволяющая нарушителю получить несанкционированный доступ к конфиденциальным данным или вызвать отказ в обслуживании

Description

Уязвимость функции X509_NAME_oneline (crypto/x509/x509_obj.c) библиотеки OpenSSL связана с выходом операции за допустимые границы буфера данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к конфиденциальным данным или вызвать отказ в обслуживании

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, Novell Inc., ООО «РусБИТех-Астра», OpenSSL Software Foundation

Software Name

Debian GNU/Linux, OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, Astra Linux Common Edition (запись в едином реестре российских программ №4433), SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise High Performance Computing, openSUSE Tumbleweed, SUSE Linux Enterprise Server for Raspberry Pi, OpenSSL

Software Version

9 (Debian GNU/Linux), 42.2 (OpenSUSE Leap), 42.3 (OpenSUSE Leap), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 2.12 «Орёл» (Astra Linux Common Edition), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise Software Development Kit), 12 SP5 (SUSE Linux Enterprise High Performance Computing), - (openSUSE Tumbleweed), 12 SP2 (SUSE Linux Enterprise Server for Raspberry Pi), до 1.0.2g включительно (OpenSSL)

Possible Mitigations

Использование рекомендаций: Для openssl: Обновление программного обеспечения до 1.0.2e-1 или более поздней версии Для Debian: Обновление программного обеспечения (пакета openssl) до 1.1.1d-0+deb10u2 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета openssl) до 1.1.1d-0+deb10u2 или более поздней версии Для программных продуктов Novell Inc.: https://www.suse.com/security/cve/CVE-2016-2176/

Reference

https://www.openssl.org/news/secadv/20160503.txt https://nvd.nist.gov/vuln/detail/CVE-2016-2176 https://security-tracker.debian.org/tracker/CVE-2016-2176 https://www.suse.com/security/cve/CVE-2016-2176/

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Novell Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, OpenSSL Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 42.2 (OpenSUSE Leap), 42.3 (OpenSUSE Leap), 12 SP3 (Suse Linux Enterprise Desktop), 12 SP4 (Suse Linux Enterprise Desktop), 12 SP3 (SUSE Linux Enterprise Software Development Kit), 12 SP4 (SUSE Linux Enterprise Software Development Kit), 12 SP3 (Suse Linux Enterprise Server), 12 SP4 (Suse Linux Enterprise Server), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15 (SUSE Linux Enterprise Module for Basesystem), 15 SP1 (SUSE Linux Enterprise Module for Basesystem), 15.0 (OpenSUSE Leap), 15 SP1 (SUSE Linux Enterprise Module for Legacy Software), 15 (SUSE Linux Enterprise Module for Legacy Software), 12 SP5 (Suse Linux Enterprise Server), 12 SP5 (SUSE Linux Enterprise Software Development Kit), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 12 SP2 (Suse Linux Enterprise Desktop), 12 SP2 (Suse Linux Enterprise Server), 12 SP2 (SUSE Linux Enterprise Software Development Kit), 12 SP5 (SUSE Linux Enterprise High Performance Computing), - (openSUSE Tumbleweed), 12 SP2 (SUSE Linux Enterprise Server for Raspberry Pi), \u0434\u043e 1.0.2g \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (OpenSSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f openssl:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 1.0.2e-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openssl) \u0434\u043e 1.1.1d-0+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 openssl) \u0434\u043e 1.1.1d-0+deb10u2 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://www.suse.com/security/cve/CVE-2016-2176/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "04.05.2016",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "26.06.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.06.2020",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2020-02964",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2016-2176",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, OpenSUSE Leap, Suse Linux Enterprise Desktop, SUSE Linux Enterprise Software Development Kit, Suse Linux Enterprise Server, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), SUSE Linux Enterprise Module for Basesystem, SUSE Linux Enterprise Module for Legacy Software, SUSE Linux Enterprise High Performance Computing, openSUSE Tumbleweed, SUSE Linux Enterprise Server for Raspberry Pi, OpenSSL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Novell Inc. OpenSUSE Leap 42.2 , Novell Inc. OpenSUSE Leap 42.3 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.0 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 X509_NAME_oneline (crypto/x509/x509_obj.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 X509_NAME_oneline (crypto/x509/x509_obj.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u044b\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u043c \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.openssl.org/news/secadv/20160503.txt\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-2176\nhttps://security-tracker.debian.org/tracker/CVE-2016-2176\nhttps://www.suse.com/security/cve/CVE-2016-2176/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,2)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-2176 (GCVE-0-2016-2176)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature