Vulnerability-Lookup

CVE-2018-0739 (GCVE-0-2018-0739)

Vulnerability from cvelistv5 – Published: 2018-03-27 21:00 – Updated: 2024-09-16 22:35

Title

Constructed ASN.1 types with a recursive definition could exceed the stack

Summary

Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).

Severity ?

No CVSS data available.

CWE

Stack overflow

Assigner

openssl

References

34 references

URL	Tags
https://usn.ubuntu.com/3611-2/	vendor-advisoryx_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4158	vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201811-21	vendor-advisoryx_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2019:0367	vendor-advisoryx_refsource_REDHAT
https://www.debian.org/security/2018/dsa-4157	vendor-advisoryx_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:3505	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/103518	vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1040576	vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:3221	vendor-advisoryx_refsource_REDHAT
http://www.securityfocus.com/bid/105609	vdb-entryx_refsource_BID
https://usn.ubuntu.com/3611-1/	vendor-advisoryx_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018…	mailing-listx_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:0366	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3090	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1711	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:1712	vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advis…	x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2018072…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/202007-53	vendor-advisoryx_refsource_GENTOO
https://securityadvisories.paloaltonetworks.com/H…	x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://www.tenable.com/security/tns-2018-07	x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-04	x_refsource_CONFIRM
https://nodejs.org/en/blog/vulnerability/march-20…	x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba…	x_refsource_CONFIRM
https://www.tenable.com/security/tns-2018-06	x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-2018033…	x_refsource_CONFIRM
https://www.openssl.org/news/secadv/20180327.txt	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
OpenSSL	OpenSSL	Affected: Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g) Affected: Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)

Date Public ?

2018-03-27 00:00

Credits

OSS-fuzz

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:49.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-3611-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-2/"
          },
          {
            "name": "DSA-4158",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4158"
          },
          {
            "name": "GLSA-201811-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201811-21"
          },
          {
            "name": "RHSA-2019:0367",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0367"
          },
          {
            "name": "DSA-4157",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4157"
          },
          {
            "name": "RHSA-2018:3505",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3505"
          },
          {
            "name": "103518",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103518"
          },
          {
            "name": "1040576",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040576"
          },
          {
            "name": "RHSA-2018:3221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3221"
          },
          {
            "name": "105609",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105609"
          },
          {
            "name": "USN-3611-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3611-1/"
          },
          {
            "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
          },
          {
            "name": "RHSA-2019:0366",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0366"
          },
          {
            "name": "RHSA-2018:3090",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3090"
          },
          {
            "name": "RHSA-2019:1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1711"
          },
          {
            "name": "RHSA-2019:1712",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1712"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
          },
          {
            "name": "GLSA-202007-53",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-53"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-07"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-04"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2018-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20180327.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-fuzz"
        }
      ],
      "datePublic": "2018-03-27T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Stack overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:11.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "USN-3611-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3611-2/"
        },
        {
          "name": "DSA-4158",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4158"
        },
        {
          "name": "GLSA-201811-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201811-21"
        },
        {
          "name": "RHSA-2019:0367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0367"
        },
        {
          "name": "DSA-4157",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4157"
        },
        {
          "name": "RHSA-2018:3505",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3505"
        },
        {
          "name": "103518",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103518"
        },
        {
          "name": "1040576",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040576"
        },
        {
          "name": "RHSA-2018:3221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3221"
        },
        {
          "name": "105609",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105609"
        },
        {
          "name": "USN-3611-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3611-1/"
        },
        {
          "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
        },
        {
          "name": "RHSA-2019:0366",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0366"
        },
        {
          "name": "RHSA-2018:3090",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3090"
        },
        {
          "name": "RHSA-2019:1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1711"
        },
        {
          "name": "RHSA-2019:1712",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1712"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
        },
        {
          "name": "GLSA-202007-53",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-53"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-07"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-04"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2018-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20180327.txt"
        }
      ],
      "title": "Constructed ASN.1 types with a recursive definition could exceed the stack",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2018-03-27",
          "ID": "CVE-2018-0739",
          "STATE": "PUBLIC",
          "TITLE": "Constructed ASN.1 types with a recursive definition could exceed the stack"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g)"
                          },
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "OSS-fuzz"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Stack overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-3611-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3611-2/"
            },
            {
              "name": "DSA-4158",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4158"
            },
            {
              "name": "GLSA-201811-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201811-21"
            },
            {
              "name": "RHSA-2019:0367",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0367"
            },
            {
              "name": "DSA-4157",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4157"
            },
            {
              "name": "RHSA-2018:3505",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3505"
            },
            {
              "name": "103518",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103518"
            },
            {
              "name": "1040576",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040576"
            },
            {
              "name": "RHSA-2018:3221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3221"
            },
            {
              "name": "105609",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105609"
            },
            {
              "name": "USN-3611-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3611-1/"
            },
            {
              "name": "[debian-lts-announce] 20180330 [SECURITY] [DLA 1330-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html"
            },
            {
              "name": "RHSA-2019:0366",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0366"
            },
            {
              "name": "RHSA-2018:3090",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3090"
            },
            {
              "name": "RHSA-2019:1711",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1711"
            },
            {
              "name": "RHSA-2019:1712",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1712"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
            },
            {
              "name": "GLSA-202007-53",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-53"
            },
            {
              "name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133",
              "refsource": "CONFIRM",
              "url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/133"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-07",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-07"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-04"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9310d45087ae546e27e61ddf8f6367f29848220d"
            },
            {
              "name": "https://www.tenable.com/security/tns-2018-06",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2018-06"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180330-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180330-0002/"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20180327.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20180327.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2018-0739",
    "datePublished": "2018-03-27T21:00:00.000Z",
    "dateReserved": "2017-11-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:35:29.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-0739",
      "date": "2026-05-19",
      "epss": "0.14445",
      "percentile": "0.94509"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.2b\", \"versionEndIncluding\": \"1.0.2n\", \"matchCriteriaId\": \"FFF63A06-9A8B-4280-A52D-4280136908CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.1.0\", \"versionEndIncluding\": \"1.1.0g\", \"matchCriteriaId\": \"322768B5-2E14-40B9-A784-8981F4376E13\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"B5A6F2F3-4894-4392-8296-3B8DD2679084\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\", \"matchCriteriaId\": \"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9070C9D8-A14A-467F-8253-33B966C16886\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"16F59A04-14CF-49E2-9973-645477EA09DA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\"}, {\"lang\": \"es\", \"value\": \"Los tipos constructed ASN.1 con una definici\\u00f3n recursiva (como la que podemos encontrar en PKCS7) podr\\u00edan acabar excediendo la pila debido a entradas maliciosas con recursi\\u00f3n excesiva. Esto podr\\u00eda dar como resultado un ataque de denegaci\\u00f3n de servicio (DoS). No hay estructuras de este tipo empleadas en SSL/TLS que provengan de fuentes no fiables, por lo que se consideran seguras. Solucionado en OpenSSL 1.1.0h (versiones 1.1.0-1.1.0g afectadas). Solucionado en OpenSSL 1.0.2o (versiones 1.0.2b-1.0.2n afectadas).\"}]",
      "id": "CVE-2018-0739",
      "lastModified": "2024-11-21T03:38:50.910",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2018-03-27T21:29:00.673",
      "references": "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.securityfocus.com/bid/103518\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105609\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.securitytracker.com/id/1040576\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3090\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3221\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1711\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1712\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201811-21\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-53\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180330-0002/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180726-0002/\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://usn.ubuntu.com/3611-1/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3611-2/\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4158\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"openssl-security@openssl.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"openssl-security@openssl.org\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/103518\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/105609\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1040576\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3090\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3221\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0366\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:0367\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:1712\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201811-21\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202007-53\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180330-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20180726-0002/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3611-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3611-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2018/dsa-4158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20180327.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com//security-alerts/cpujul2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-04\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.tenable.com/security/tns-2018-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "openssl-security@openssl.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-674\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-0739\",\"sourceIdentifier\":\"openssl-security@openssl.org\",\"published\":\"2018-03-27T21:29:00.673\",\"lastModified\":\"2024-11-21T03:38:50.910\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Constructed ASN.1 types with a recursive definition (such as can be found in PKCS7) could eventually exceed the stack given malicious input with excessive recursion. This could result in a Denial Of Service attack. There are no such structures used within SSL/TLS that come from untrusted sources so this is considered safe. Fixed in OpenSSL 1.1.0h (Affected 1.1.0-1.1.0g). Fixed in OpenSSL 1.0.2o (Affected 1.0.2b-1.0.2n).\"},{\"lang\":\"es\",\"value\":\"Los tipos constructed ASN.1 con una definici\u00f3n recursiva (como la que podemos encontrar en PKCS7) podr\u00edan acabar excediendo la pila debido a entradas maliciosas con recursi\u00f3n excesiva. Esto podr\u00eda dar como resultado un ataque de denegaci\u00f3n de servicio (DoS). No hay estructuras de este tipo empleadas en SSL/TLS que provengan de fuentes no fiables, por lo que se consideran seguras. Solucionado en OpenSSL 1.1.0h (versiones 1.1.0-1.1.0g afectadas). Solucionado en OpenSSL 1.0.2o (versiones 1.0.2b-1.0.2n afectadas).\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-674\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.2b\",\"versionEndIncluding\":\"1.0.2n\",\"matchCriteriaId\":\"FFF63A06-9A8B-4280-A52D-4280136908CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.1.0\",\"versionEndIncluding\":\"1.1.0g\",\"matchCriteriaId\":\"322768B5-2E14-40B9-A784-8981F4376E13\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9070C9D8-A14A-467F-8253-33B966C16886\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.securityfocus.com/bid/103518\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105609\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.securitytracker.com/id/1040576\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3090\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3221\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1711\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1712\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/201811-21\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.gentoo.org/glsa/202007-53\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180330-0002/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180726-0002/\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://usn.ubuntu.com/3611-1/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3611-2/\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4158\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"openssl-security@openssl.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"openssl-security@openssl.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/103518\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105609\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1040576\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3221\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0366\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:0367\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1712\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9310d45087ae546e27e61ddf8f6367f29848220d\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/03/msg00033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201811-21\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202007-53\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20180330-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20180726-0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://securityadvisories.paloaltonetworks.com/Home/Detail/133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3611-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3611-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.openssl.org/news/secadv/20180327.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.tenable.com/security/tns-2018-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTFR-2018-AVI-155

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans OpenSSL. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions 1.1.0 antérieures à 1.1.0h
	OpenSSL	OpenSSL	OpenSSL versions 1.0.2 antérieures à 1.0.2o

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 27 mars 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 1.1.0 ant\u00e9rieures \u00e0 1.1.0h",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.0.2 ant\u00e9rieures \u00e0 1.0.2o",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-155",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 27 mars 2018",
      "url": "https://www.openssl.org/news/secadv/20180327.txt"
    }
  ]
}

CERTFR-2018-AVI-190

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	Virtualization	Oracle Secure Global Desktop (SGD) version 5.3
Oracle	Virtualization	Oracle VM VirtualBox versions 5.1.x antérieures à 5.1.36
Oracle	Virtualization	Oracle VM VirtualBox versions 5.2.x antérieures à 5.2.10

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2018verbose-3678067 du 17 avril 2018	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2018-3678067 du 17 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Secure Global Desktop (SGD) version 5.3",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions 5.1.x ant\u00e9rieures \u00e0 5.1.36",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions 5.2.x ant\u00e9rieures \u00e0 5.2.10",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2842"
    },
    {
      "name": "CVE-2018-2836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2836"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-9798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2018-2860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2860"
    },
    {
      "name": "CVE-2018-2831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2831"
    },
    {
      "name": "CVE-2018-2845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2845"
    },
    {
      "name": "CVE-2018-2843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2843"
    },
    {
      "name": "CVE-2018-2844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2844"
    },
    {
      "name": "CVE-2018-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2830"
    },
    {
      "name": "CVE-2018-2837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2837"
    },
    {
      "name": "CVE-2018-2835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2835"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-190",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018verbose-3678067 du 17 avril 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018verbose-3678108.html#OVIR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2018-3678067 du 17 avril 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    }
  ]
}

CERTFR-2018-AVI-293

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Agent. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Agent	Nessus Agent versions 7.0.3 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable TNS-2018-09 du 14 juin 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Agent versions 7.0.3 et ant\u00e9rieures",
      "product": {
        "name": "Nessus Agent",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
    },
    {
      "name": "CVE-2017-9233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9233"
    },
    {
      "name": "CVE-2015-8383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8383"
    },
    {
      "name": "CVE-2015-3217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3217"
    },
    {
      "name": "CVE-2017-18258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
    },
    {
      "name": "CVE-2016-3191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
    },
    {
      "name": "CVE-2017-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11742"
    },
    {
      "name": "CVE-2015-5073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5073"
    },
    {
      "name": "CVE-2017-7245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
    },
    {
      "name": "CVE-2016-9842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9842"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2017-9047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
    },
    {
      "name": "CVE-2014-9769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9769"
    },
    {
      "name": "CVE-2015-8381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8381"
    },
    {
      "name": "CVE-2017-1000061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000061"
    },
    {
      "name": "CVE-2017-9048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
    },
    {
      "name": "CVE-2015-8392",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8392"
    },
    {
      "name": "CVE-2017-6004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
    },
    {
      "name": "CVE-2012-6139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6139"
    },
    {
      "name": "CVE-2016-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1283"
    },
    {
      "name": "CVE-2017-9050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
    },
    {
      "name": "CVE-2016-9318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
    },
    {
      "name": "CVE-2015-8395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8395"
    },
    {
      "name": "CVE-2016-9840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9840"
    },
    {
      "name": "CVE-2017-16932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16932"
    },
    {
      "name": "CVE-2017-5029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5029"
    },
    {
      "name": "CVE-2015-9019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9019"
    },
    {
      "name": "CVE-2016-0718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
    },
    {
      "name": "CVE-2016-5300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
    },
    {
      "name": "CVE-2016-4472",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4472"
    },
    {
      "name": "CVE-2016-9063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
    },
    {
      "name": "CVE-2017-7186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
    },
    {
      "name": "CVE-2016-1684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1684"
    },
    {
      "name": "CVE-2018-0733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0733"
    },
    {
      "name": "CVE-2012-0876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
    },
    {
      "name": "CVE-2012-6702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6702"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2014-8964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8964"
    },
    {
      "name": "CVE-2015-8388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
    },
    {
      "name": "CVE-2017-7375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
    },
    {
      "name": "CVE-2017-7244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2015-7995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7995"
    },
    {
      "name": "CVE-2015-8385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
    },
    {
      "name": "CVE-2015-8394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
    },
    {
      "name": "CVE-2015-8391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
    },
    {
      "name": "CVE-2015-8386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
    },
    {
      "name": "CVE-2015-8384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8384"
    },
    {
      "name": "CVE-2017-7246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
    },
    {
      "name": "CVE-2015-8380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
    },
    {
      "name": "CVE-2015-8387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2018-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
    },
    {
      "name": "CVE-2017-16931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
    },
    {
      "name": "CVE-2015-8382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8382"
    },
    {
      "name": "CVE-2018-11214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11214"
    },
    {
      "name": "CVE-2015-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
    },
    {
      "name": "CVE-2017-9049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
    },
    {
      "name": "CVE-2015-8390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
    },
    {
      "name": "CVE-2016-5131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
    },
    {
      "name": "CVE-2017-8872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8872"
    },
    {
      "name": "CVE-2016-1683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1683"
    },
    {
      "name": "CVE-2015-8389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8389"
    },
    {
      "name": "CVE-2017-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5969"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-293",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nAgent. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable TNS-2018-09 du 14 juin 2018",
      "url": "https://www.tenable.com/security/tns-2018-09"
    }
  ]
}

CERTFR-2018-AVI-349

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Enterprise Monitor versions 3.4.7.4297 et antérieures
Oracle	MySQL	MySQL Server versions 5.5.60 et antérieures, versions 5.6.40 et antérieures, versions 5.7.22 et antérieures, versions 8.0.11 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 5.6.40 et antérieures
Oracle	MySQL	MySQL Client versions 5.5.60 et antérieures, versions 5.6.40 et antérieures, versions 5.7.22 et antérieures, versions 8.0.11 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 8.0.0.8131 et antérieures
Oracle	MySQL	MySQL Workbench versions 6.3.10 et antérieures, versions 8.0.11 et antérieures
Oracle	MySQL	MySQL Connectors versions 5.3.10 et antérieures, versions 8.0.11 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 4.0.4.5235 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 5.7.22 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2018-4258247 du 17 juillet 2018	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2018verbose-4258253 du 17 juillet 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Enterprise Monitor versions 3.4.7.4297 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.5.60 et ant\u00e9rieures, versions 5.6.40 et ant\u00e9rieures, versions 5.7.22 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 5.6.40 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Client versions 5.5.60 et ant\u00e9rieures, versions 5.6.40 et ant\u00e9rieures, versions 5.7.22 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 8.0.0.8131 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Workbench versions 6.3.10 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 5.3.10 et ant\u00e9rieures, versions 8.0.11 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 4.0.4.5235 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 5.7.22 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3066"
    },
    {
      "name": "CVE-2018-3080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3080"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-3061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3061"
    },
    {
      "name": "CVE-2017-0379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-0379"
    },
    {
      "name": "CVE-2018-3079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3079"
    },
    {
      "name": "CVE-2018-3073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3073"
    },
    {
      "name": "CVE-2018-3067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3067"
    },
    {
      "name": "CVE-2018-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3074"
    },
    {
      "name": "CVE-2018-3054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3054"
    },
    {
      "name": "CVE-2018-3062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3062"
    },
    {
      "name": "CVE-2018-3058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3058"
    },
    {
      "name": "CVE-2018-3078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3078"
    },
    {
      "name": "CVE-2018-2598",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2598"
    },
    {
      "name": "CVE-2018-3081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3081"
    },
    {
      "name": "CVE-2018-3060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3060"
    },
    {
      "name": "CVE-2017-5645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
    },
    {
      "name": "CVE-2018-3056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3056"
    },
    {
      "name": "CVE-2018-3063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3063"
    },
    {
      "name": "CVE-2018-3075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3075"
    },
    {
      "name": "CVE-2018-2767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2767"
    },
    {
      "name": "CVE-2018-3071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3071"
    },
    {
      "name": "CVE-2018-3064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3064"
    },
    {
      "name": "CVE-2018-3077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3077"
    },
    {
      "name": "CVE-2018-3082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3082"
    },
    {
      "name": "CVE-2018-3070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3070"
    },
    {
      "name": "CVE-2018-3084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3084"
    },
    {
      "name": "CVE-2018-3065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3065"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-349",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018-4258247 du 17 juillet 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixMSQL"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018verbose-4258253 du 17 juillet 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html#MSQL"
    }
  ]
}

CERTFR-2018-AVI-351

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un déni de service.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Virtualization	Oracle VM VirtualBox versions antérieures à 5.2.16
	Oracle	Virtualization	Oracle Secure Global Desktop versions 5.3 et 5.4

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2018verbose-4258253 du 17 juillet 2018	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2018-4258247 du 17 juillet 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.16",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Global Desktop versions 5.3 et 5.4",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-1000300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000300"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-3088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3088"
    },
    {
      "name": "CVE-2018-1305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1305"
    },
    {
      "name": "CVE-2018-3087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3087"
    },
    {
      "name": "CVE-2018-3005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3005"
    },
    {
      "name": "CVE-2018-3090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3090"
    },
    {
      "name": "CVE-2018-3085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3085"
    },
    {
      "name": "CVE-2018-3091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3091"
    },
    {
      "name": "CVE-2018-3086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3086"
    },
    {
      "name": "CVE-2018-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3089"
    },
    {
      "name": "CVE-2018-3055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3055"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-351",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un d\u00e9ni de service.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018verbose-4258253 du 17 juillet 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018verbose-4258253.html#OVIR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2018-4258247 du 17 juillet 2018",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html#AppendixOVIR"
    }
  ]
}

CERTFR-2018-AVI-589

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2
IBM	N/A	IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1
IBM	N/A	VRA - Vyatta 5600
IBM	WebSphere	IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2
IBM	QRadar	IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1
IBM	N/A	IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3
IBM	N/A	IBM Social Program Management Design System versions antérieures à 1.4.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4
IBM	N/A	IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20
IBM	N/A	IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.1.0
IBM	N/A	IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17
IBM	QRadar	IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6
IBM	N/A	IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10
IBM	N/A	IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17
IBM	N/A	IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11
IBM	WebSphere	WebSphere Application Server versions antérieures à 9.0.0.10
IBM	N/A	IBM Voice Gateway versions antérieures à 1.0.0.7a
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10732880 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739019 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744291 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744157 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739035 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744557 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739985 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740799 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10743847 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10736137 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10742369 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739027 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744247 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744553 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740789 du 07 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VRA - Vyatta 5600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
    },
    {
      "name": "CVE-2018-10873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
    },
    {
      "name": "CVE-2018-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-15594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
    },
    {
      "name": "CVE-2018-16151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
    },
    {
      "name": "CVE-2018-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
    },
    {
      "name": "CVE-2018-2973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
    },
    {
      "name": "CVE-2018-16842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-14609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-14618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2018-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2018-16839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-14678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
    },
    {
      "name": "CVE-2018-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-16152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2018-14734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2018-1957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
    },
    {
      "name": "CVE-2018-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2018-8013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-589",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-10T00:00:00.000000"
    },
    {
      "description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
      "revision_date": "2018-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
    }
  ]
}

CERTFR-2019-AVI-023

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Tape Library ACSLS version 8.4
Oracle	N/A	Sun ZFS Storage Appliance Kit (AK) versions antérieures à 8.8.2
Oracle	N/A	Oracle Solaris versions 10 et 11

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2019-5072801 du 15 janvier 2019	None	vendor-advisory
Bulletin de sécurité Oracle bulletinjan2019-5251593 du 15 janvier 2019	None	vendor-advisory
Bulletin de sécurité Oracle cpujan2019verbose-5072807 du 15 janvier 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tape Library ACSLS version 8.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Sun ZFS Storage Appliance Kit (AK) versions ant\u00e9rieures \u00e0 8.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Solaris versions 10 et 11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-6913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6913"
    },
    {
      "name": "CVE-2017-1000456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000456"
    },
    {
      "name": "CVE-2018-19628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19628"
    },
    {
      "name": "CVE-2018-19158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19158"
    },
    {
      "name": "CVE-2018-13988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
    },
    {
      "name": "CVE-2017-14517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14517"
    },
    {
      "name": "CVE-2018-3282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3282"
    },
    {
      "name": "CVE-2016-0635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0635"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-1000115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
    },
    {
      "name": "CVE-2018-9918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9918"
    },
    {
      "name": "CVE-2019-2545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2545"
    },
    {
      "name": "CVE-2019-2541",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2541"
    },
    {
      "name": "CVE-2018-0734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
    },
    {
      "name": "CVE-2019-2544",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2544"
    },
    {
      "name": "CVE-2018-3247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3247"
    },
    {
      "name": "CVE-2018-1275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1275"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2019-2543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2543"
    },
    {
      "name": "CVE-2017-5645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
    },
    {
      "name": "CVE-2017-18267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
    },
    {
      "name": "CVE-2019-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2412"
    },
    {
      "name": "CVE-2016-8705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8705"
    },
    {
      "name": "CVE-2018-17183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17183"
    },
    {
      "name": "CVE-2019-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2437"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-5407",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
    },
    {
      "name": "CVE-2018-3070",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3070"
    },
    {
      "name": "CVE-2018-15909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15909"
    },
    {
      "name": "CVE-2018-11763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-023",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-01-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019-5072801 du 15 janvier 2019",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixSUNS"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle bulletinjan2019-5251593 du 15 janvier 2019",
      "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019verbose-5072807 du 15 janvier 2019",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html#SUNS"
    }
  ]
}

CERTFR-2019-AVI-325

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.2R1
Juniper Networks	Secure Analytics	Juniper Secure Analytics (JSA) versions antérieures à 7.3.2 Patch 1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur séries EX4300
Juniper Networks	N/A	Junos OS avec J-Web activé versions antérieures à 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10938 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10946 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10942 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10949 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10943 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10951 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10950 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10948 du 10 juillet 2019	None	vendor-advisory
Bulletin de sécurité Juniper JSA10947 du 10 juillet 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.2R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Secure Analytics (JSA) versions ant\u00e9rieures \u00e0 7.3.2 Patch 1",
      "product": {
        "name": "Secure Analytics",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3X48-D80, 12.3X48-D85, 12.3X48-D90, 14.1X53-D130, 14.1X53-D49, 14.1X53-D51, 15.1F6-S12, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X49-D171, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X53-D237, 15.1X53-D238, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69, 16.1R3-S11, 16.1R7-S3, 16.1R7-S4, 16.1R7-S5, 16.2R2-S9, 17.1R3, 17.2R1-S8, 17.2R2-S7, 17.2R3, 17.2R3-S1, 17.2X75-D105, 17.3R3-S2, 17.3R3-S4, 17.4R1-S6, 17.4R1-S7, 17.4R1-S8, 17.4R2-S2, 17.4R2-S3, 17.4R2-S4, 17.4R2-S5, 17.4R3, 18.1R2-S4, 18.1R3-S2, 18.1R3-S3, 18.1R3-S5, 18.1R3-S6, 18.2R1-S5, 18.2R2, 18.2R2-S1, 18.2R2-S2, 18.2R2-S3, 18.2R3, 18.2X75-D12, 18.2X75-D30, 18.2X75-D40, 18.2X75-D50, 18.3R1-S2, 18.3R1-S3, 18.3R1-S4, 18.3R2, 18.4R1, 18.4R1-S1, 18.4R1-S2, 18.4R2, 19.1R1, 19.1R1-S1, 19.1R2 et 19.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D115, 14.1X53-D51, 16.1R7-S5, 17.1R3, 17.2R3, 17.2R3-S2, 17.3R3-S2, 17.3R3-S3, 17.4R2, 17.4R2-S5, 17.4R3, 18.1R3, 18.1R3-S1, 18.2R2, 18.3R1, 18.3R2 et 18.4R1 sur s\u00e9ries EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9 versions ant\u00e9rieures \u00e0 12.3R12-S14, 12.3X48-D80, 15.1F6-S13, 15.1R7-S4, 15.1X49-D170, 15.1X53-D497, 16.1R4-S13, 16.1R7-S5, 16.2R2-S10, 17.1R3, 17.2R2-S7, 17.2R3-S1, 17.3R3-S5, 17.4R1-S7, 17.4R2-S4, 17.4R3, 18.1R3-S5 et 18.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-8615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
    },
    {
      "name": "CVE-2019-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0049"
    },
    {
      "name": "CVE-2018-1060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1060"
    },
    {
      "name": "CVE-2016-8619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
    },
    {
      "name": "CVE-2018-15505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15505"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2019-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0048"
    },
    {
      "name": "CVE-2016-8624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
    },
    {
      "name": "CVE-2016-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
    },
    {
      "name": "CVE-2016-8620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
    },
    {
      "name": "CVE-2016-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
    },
    {
      "name": "CVE-2019-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0053"
    },
    {
      "name": "CVE-2016-8618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
    },
    {
      "name": "CVE-2019-5739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5739"
    },
    {
      "name": "CVE-2019-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0052"
    },
    {
      "name": "CVE-2016-8623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
    },
    {
      "name": "CVE-2019-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0046"
    },
    {
      "name": "CVE-2018-12327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12327"
    },
    {
      "name": "CVE-2018-11237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
    },
    {
      "name": "CVE-2016-8621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
    },
    {
      "name": "CVE-2018-1061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1061"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2018-15504",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15504"
    },
    {
      "name": "CVE-2016-8622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
    },
    {
      "name": "CVE-2019-6133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6133"
    },
    {
      "name": "CVE-2016-8625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
    },
    {
      "name": "CVE-2018-1729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1729"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-325",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10938 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10938\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10946 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10946\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10942 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10942\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10949 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10949\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10943 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10943\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10951 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10951\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10950 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10950\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10948 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10948\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10947 du 10 juillet 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10947\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2020-AVI-015

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SBR Carrier versions 8.5.x antérieures à 8.5.0R4
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D12 sur séries QFX5100 et EX4600
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à R1912
Juniper Networks	N/A	Juniper Networks SBR Carrier versions antérieures à 8.4.1R19
Juniper Networks	Junos Space	Junos Space versions antérieures à 19.4R1
Juniper Networks	Junos OS	Junos OS versions antérieures à 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur séries MX
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur série EX4300
Juniper Networks	Junos OS	Junos OS versions antérieures à 14.1X53-D52 sur séries QFX3500
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10992 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10986 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10985 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10980 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10981 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10983 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10979 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10987 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10982 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10990 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10991 du 08 janvier 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10993 du 08 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SBR Carrier versions 8.5.x ant\u00e9rieures \u00e0 8.5.0R4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 15.1, 15.1X49, 15.1X53, 16.1, 16.2, 17.1, 17.2, 17.3, 17.4, 18.1, 18.2, 18.3, 18.4, 19.1, 19.2 et 19.3",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D12 sur s\u00e9ries QFX5100 et EX4600",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 R1912",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks SBR Carrier versions ant\u00e9rieures \u00e0 8.4.1R19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Space versions ant\u00e9rieures \u00e0 19.4R1",
      "product": {
        "name": "Junos Space",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 17.2R3-S3, 17.3R2-S5, 17.3R3-S5, 17.4R2-S7, 17.4R3, 18.1R3-S6, 18.2R3-S2, 18.2X75-D51, 18.2X75-D60, 18.3R3, 18.4R2, 19.1R1-S3, 19.1R2, 19.2R1-S2, 19.2R2 et 19.3R1 sur s\u00e9ries MX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D48, 15.1R7-S3, 16.1R7, 17.1R3, 17.2R3, 17.3R2-S5, 17.3R3, 17.4R2, 18.1R3, 18.2R2 et 18.3R1 sur s\u00e9rie EX4300",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 14.1X53-D52 sur s\u00e9ries QFX3500",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S13, 12.3R12-S15, 12.3X48-D85, 12.3X48-D86, 12.3X48-D90, 14.1X53-D51, 15.1F6-S13, 15.1F6-S13,15.1R7-S5, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X53-D238, 15.1X53-D496, 15.1X53-D592, 16.1R4-S13, 16.1R7-S4, 16.1R7-S5, 16.1R7-S6, 16.2R2-S10, 16.2R2-S10,17.1R2-S11, 16.2R2-S11, 16.2R2-S9, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.2R1-S9, 17.2R2-S8, 17.2R3-S2, 17.2R3-S3, 17.3R2-S5, 17.3R2-S6, 17.3R3-S3, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R2-S2, 17.4R2-S4, 17.4R2-S5, 17.4R2-S6, 17.4R2-S9, 17.4R3, 18.1R3-S2, 18.1R3-S5, 18.1R3-S7, 18.1R3-S7,18.2R2-S5, 18.1R3-S8, 18.2R2-S6, 18.2R3, 18.2R3-S2, 18.2X75-D40, 18.2X75-D410, 18.2X75-D50, 18.3R1-S6, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.4R1-S2, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S2, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.2R1, 19.2R1-S2, 19.2R2 et 19.3R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-12749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12749"
    },
    {
      "name": "CVE-2019-1125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1125"
    },
    {
      "name": "CVE-2019-17267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2019-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1071"
    },
    {
      "name": "CVE-2020-1611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1611"
    },
    {
      "name": "CVE-2018-1336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1336"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2018-5743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5743"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2018-9568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9568"
    },
    {
      "name": "CVE-2019-12735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12735"
    },
    {
      "name": "CVE-2019-11810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11810"
    },
    {
      "name": "CVE-2020-1606",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1606"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2019-9636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
    },
    {
      "name": "CVE-2020-1608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1608"
    },
    {
      "name": "CVE-2020-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1602"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-19919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
    },
    {
      "name": "CVE-2017-17805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
    },
    {
      "name": "CVE-2018-17972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17972"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2020-1601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1601"
    },
    {
      "name": "CVE-2017-2595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2595"
    },
    {
      "name": "CVE-2016-7061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7061"
    },
    {
      "name": "CVE-2019-5489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
    },
    {
      "name": "CVE-2017-12174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12174"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-9824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-9824"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2020-1607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1607"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2019-14835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14835"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2019-1073",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1073"
    },
    {
      "name": "CVE-2020-1604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1604"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2020-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1603"
    },
    {
      "name": "CVE-2008-4309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4309"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2020-1609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1609"
    },
    {
      "name": "CVE-2020-1605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1605"
    },
    {
      "name": "CVE-2020-1600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1600"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10992 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10992\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10986 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10986\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10985 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10985\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10980 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10980\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10981 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10981\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10983 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10983\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10979 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10979\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10987 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10987\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10982 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10982\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10990 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10990\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10991 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10991\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10993 du 08 janvier 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10993\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2020-AVI-198

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS Evolved	Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO
Owncloud	Core	JATP-OS All-In-One et JATP-OS Core versions antérieures à 5.0.6.0
N/A	N/A	Série NFX250 versions antérieures à 19.2R1
N/A	N/A	JSA versions antérieures à 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11004 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10997 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11002 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10994 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11003 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10998 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11010 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11013 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11009 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11016 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10999 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11014 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11006 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11008 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11005 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11001 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA10996 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11007 du 08 avril 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11000 du 08 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS Evolved 19.1R1-EVO, 19.2R1-EVO et 19.3R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "JATP-OS All-In-One et JATP-OS Core versions ant\u00e9rieures \u00e0 5.0.6.0",
      "product": {
        "name": "Core",
        "vendor": {
          "name": "Owncloud",
          "scada": false
        }
      }
    },
    {
      "description": "S\u00e9rie NFX250 versions ant\u00e9rieures \u00e0 19.2R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "JSA versions ant\u00e9rieures \u00e0 7.3.2 Patch 5 et 7.3.3 Patch 1 FixPack 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D86, 12.3R12-S14, 12.3X48-D80, 12.3X48-D86, 12.3X48-D90, 12.3X48-D95, 14.1X53-D51, 14.1X53-D53, 15.1F6-S13, 15.1R7-S4, 15.1R7-S5, 15.1R7-S6, 15.1X49-D180, 15.1X49-D181, 15.1X49-D190, 15.1X49-D200, 15.1X49-D210, 15.1X53-D238, 15.1X53-D497, 15.1X53-D592, 15.1X53-D593, 16.1R4-S13, 16.1R7-S4, 16.1R7-S6, 16.1R7-S7, 16.2R2-S10, 16.2R2-S11, 17.1R2-S11, 17.1R3, 17.1R3-S1, 17.1R3-S2, 17.2R1-S9, 17.2R2-S7, 17.2R2-S8, 17.2R3, 17.2R3-S3, 17.2X75-D102, 17.2X75-D105, 17.2X75-D110, 17.2X75-D44, 17.3R2-S5, 17.3R3-S5, 17.3R3-S6, 17.3R3-S7, 17.4R1-S8, 17.4R2, 17.4R2-S5, 17.4R2-S6, 17.4R2-S7, 17.4R2-S8, 17.4R2-S9, 17.4R3, 18.1R2-S4, 18.1R3, 18.1R3-S4, 18.1R3-S7, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S5, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S1, 18.2R3-S2, 18.2R3-S3, 18.2X75-D12, 18.2X75-D20, 18.2X75-D30, 18.2X75-D33, 18.2X75-D410, 18.2X75-D411, 18.2X75-D420, 18.2X75-D50, 18.2X75-D51, 18.2X75-D60, 18.3R1-S5, 18.3R1-S6, 18.3R1-S7, 18.3R2, 18.3R2-S1, 18.3R2-S2, 18.3R2-S3, 18.3R3, 18.3R3-S1, 18.4R1, 18.4R1-S4, 18.4R1-S5, 18.4R1-S6, 18.4R2, 18.4R2-S1, 18.4R2-S2, 18.4R2-S3, 18.4R3, 19.1R1, 19.1R1-S2, 19.1R1-S3, 19.1R1-S4, 19.1R2, 19.1R3, 19.2R1, 19.2R1-S1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R2, 19.3R1, 19.3R1-S1, 19.3R2, 19.3R3 et 19.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-4556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4556"
    },
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2020-1621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1621"
    },
    {
      "name": "CVE-2019-4509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4509"
    },
    {
      "name": "CVE-2019-4454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4454"
    },
    {
      "name": "CVE-2019-10173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10173"
    },
    {
      "name": "CVE-2020-1626",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1626"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2020-1627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1627"
    },
    {
      "name": "CVE-2020-1620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1620"
    },
    {
      "name": "CVE-2019-4581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4581"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2018-6918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6918"
    },
    {
      "name": "CVE-2018-1139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1139"
    },
    {
      "name": "CVE-2020-1615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1615"
    },
    {
      "name": "CVE-2018-11784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11784"
    },
    {
      "name": "CVE-2016-1285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1285"
    },
    {
      "name": "CVE-2020-1616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1616"
    },
    {
      "name": "CVE-2020-1618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1618"
    },
    {
      "name": "CVE-2018-10858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10858"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4470"
    },
    {
      "name": "CVE-2013-7285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7285"
    },
    {
      "name": "CVE-2020-1632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1632"
    },
    {
      "name": "CVE-2020-1622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1622"
    },
    {
      "name": "CVE-2020-1634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1634"
    },
    {
      "name": "CVE-2018-6916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6916"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2020-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1623"
    },
    {
      "name": "CVE-2018-11237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11237"
    },
    {
      "name": "CVE-2020-1619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1619"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2019-0071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0071"
    },
    {
      "name": "CVE-2020-1629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1629"
    },
    {
      "name": "CVE-2020-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1624"
    },
    {
      "name": "CVE-2020-1625",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1625"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2020-1630",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1630"
    },
    {
      "name": "CVE-2016-1286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1286"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2019-4559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-4559"
    },
    {
      "name": "CVE-2020-1613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1613"
    },
    {
      "name": "CVE-2020-1617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1617"
    },
    {
      "name": "CVE-2020-1614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1614"
    },
    {
      "name": "CVE-2020-1628",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1628"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-198",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11004 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11004\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10997 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10997\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11002 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11002\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10994 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10994\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11003 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11003\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10998 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10998\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11010 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11010\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11013 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11013\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11009 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11009\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11016 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11016\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10999 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10999\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11014 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11014\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11006 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11006\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11008 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11008\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11005 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11005\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11001 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11001\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10996 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10996\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11007 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11007\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11000 du 08 avril 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11000\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0739 (GCVE-0-2018-0739)

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature