cvelistv5 - cve-2010-0742

CVE-2010-0742 (GCVE-0-2010-0742)

Vulnerability from cvelistv5

Published

2010-06-03 14:00

Modified

2024-08-07 00:59

Severity ?

CWE

Summary

The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors.

References

URL

Tags

	http://rt.openssl.org/Ticket/Display.html?id=2211&user=guest&pass=guest	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/1313	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/40024	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42724	third-party-advisory, x_refsource_SECUNIA
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395	vdb-entry, signature, x_refsource_OVAL
	http://www.securityfocus.com/bid/40502	vdb-entry, x_refsource_BID
	http://marc.info/?l=bugtraq&m=129138643405740&w=2	vendor-advisory, x_refsource_HP
	http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/3105	vdb-entry, x_refsource_VUPEN
	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html	mailing-list, x_refsource_MLIST
	http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c&v1=1.8&v2=1.8.6.1	x_refsource_CONFIRM
	http://secunia.com/advisories/57353	third-party-advisory, x_refsource_SECUNIA
	https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html	mailing-list, x_refsource_MLIST
	https://bugzilla.redhat.com/show_bug.cgi?id=598738	x_refsource_CONFIRM
	http://marc.info/?l=bugtraq&m=129138643405740&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/40000	third-party-advisory, x_refsource_SECUNIA
	https://kb.bluecoat.com/index?page=content&id=SA50	x_refsource_CONFIRM
	http://secunia.com/advisories/42733	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/42457	third-party-advisory, x_refsource_SECUNIA
	http://cvs.openssl.org/chngview?cn=19693	x_refsource_CONFIRM
	http://www.openssl.org/news/secadv_20100601.txt	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:59:38.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://rt.openssl.org/Ticket/Display.html?id=2211\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "ADV-2010-1313",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1313"
          },
          {
            "name": "40024",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40024"
          },
          {
            "name": "42724",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42724"
          },
          {
            "name": "oval:org.mitre.oval:def:12395",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395"
          },
          {
            "name": "40502",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40502"
          },
          {
            "name": "HPSBUX02610",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
          },
          {
            "name": "ADV-2010-3105",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3105"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c\u0026v1=1.8\u0026v2=1.8.6.1"
          },
          {
            "name": "57353",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57353"
          },
          {
            "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598738"
          },
          {
            "name": "SSRT100341",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
          },
          {
            "name": "40000",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40000"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
          },
          {
            "name": "42733",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42733"
          },
          {
            "name": "42457",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42457"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.openssl.org/chngview?cn=19693"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.openssl.org/news/secadv_20100601.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://rt.openssl.org/Ticket/Display.html?id=2211\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "ADV-2010-1313",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1313"
        },
        {
          "name": "40024",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40024"
        },
        {
          "name": "42724",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42724"
        },
        {
          "name": "oval:org.mitre.oval:def:12395",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12395"
        },
        {
          "name": "40502",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40502"
        },
        {
          "name": "HPSBUX02610",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
        },
        {
          "name": "ADV-2010-3105",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3105"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.0.6a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/filediff?f=openssl/crypto/cms/cms_asn1.c\u0026v1=1.8\u0026v2=1.8.6.1"
        },
        {
          "name": "57353",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57353"
        },
        {
          "name": "[syslog-ng-announce] 20110110 syslog-ng Premium Edition 3.2.1a has been released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=598738"
        },
        {
          "name": "SSRT100341",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=129138643405740\u0026w=2"
        },
        {
          "name": "40000",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40000"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA50"
        },
        {
          "name": "42733",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42733"
        },
        {
          "name": "42457",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42457"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.openssl.org/chngview?cn=19693"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.openssl.org/news/secadv_20100601.txt"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-0742",
    "datePublished": "2010-06-03T14:00:00.000Z",
    "dateReserved": "2010-02-26T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:59:38.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-033

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SRC Series versions antérieures à 4.12.0R6
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à 1911.31
Juniper Networks	Junos OS Evolved	Juniper Junos OS Evolved versions antérieures à 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11096 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11098 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11097 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11094 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11104 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11099 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11093 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11101 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11088 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11092 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11091 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11100 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11095 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11090 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11102 du 13 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.12.0R6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 1911.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS Evolved versions ant\u00e9rieures \u00e0 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0207"
    },
    {
      "name": "CVE-2021-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0222"
    },
    {
      "name": "CVE-2018-20997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20997"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2013-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
    },
    {
      "name": "CVE-2021-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0206"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2021-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0202"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2013-5607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5607"
    },
    {
      "name": "CVE-2021-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0211"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2020-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
    },
    {
      "name": "CVE-2021-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0203"
    },
    {
      "name": "CVE-2021-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0205"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2021-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0209"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2021-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0208"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2021-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0212"
    },
    {
      "name": "CVE-2020-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
    },
    {
      "name": "CVE-2021-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0210"
    },
    {
      "name": "CVE-2014-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1545"
    }
  ],
  "initial_release_date": "2021-01-14T00:00:00",
  "last_revision_date": "2021-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-033",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11096 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11096\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11098 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11098\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11097 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11097\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11094 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11094\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11104 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11104\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11099 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11099\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11093 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11093\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11101 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11101\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11088 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11088\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11092 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11092\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11091 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11091\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11100 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11100\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11095 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11095\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11090 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11090\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11102 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11102\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTA-2011-AVI-032

Vulnerability from certfr_avis

Plusieurs vulnérabilités sont présentes dans syslog-ng. Elles permettent de contourner la politique de sécurité ou de provoquer un déni de service à distance.

Description

Plusieurs vulnérabilités sont présentes dans syslog-ng.

L'une d'elles permet de contourner la politique de sécurité en raison d'un mauvais positionnement des droits d'accès sur des fichiers.

Les autres sont exploitables pour provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

syslog-ng Open Source Edition :

versions 3.0.x antérieures à la version 3.0.10 ;
versions 3.1.x antérieures à la version 3.1.4 ;
versions 3.2.x antérieures à la version 3.2.2.

syslog-ng Premium Edition :

versions 3.0.x antérieures à la version 3.0.6a ;
versions 3.2.x antérieures à la version 3.2.1a.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011	None	vendor-advisory
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 14 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 16 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other
Annonces des versions de syslog-ng du 07 janvier 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003esyslog-ng Open Source Edition :  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.10 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.1.x ant\u00e9rieures \u00e0 la version 3.1.4 ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.2.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003esyslog-ng Premium Edition :\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eversions 3.0.x ant\u00e9rieures \u00e0 la version 3.0.6a ;\u003c/LI\u003e    \u003cLI\u003eversions 3.2.x ant\u00e9rieures \u00e0 la version 3.2.1a.\u003c/LI\u003e  \u003c/UL\u003e\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng.\n\nL\u0027une d\u0027elles permet de contourner la politique de s\u00e9curit\u00e9 en raison\nd\u0027un mauvais positionnement des droits d\u0027acc\u00e8s sur des fichiers.\n\nLes autres sont exploitables pour provoquer un d\u00e9ni de service \u00e0\ndistance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2011-0343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0343"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "initial_release_date": "2011-01-26T00:00:00",
  "last_revision_date": "2011-01-26T00:00:00",
  "links": [
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000103.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 14 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000104.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 16 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000105.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000102.html"
    },
    {
      "title": "Annonces des versions de syslog-ng du 07 janvier 2011 :",
      "url": "https://lists.balabit.com/pipermail/syslog-ng-announce/2011-January/000101.html"
    }
  ],
  "reference": "CERTA-2011-AVI-032",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans syslog-ng. Elles permettent\nde contourner la politique de s\u00e9curit\u00e9 ou de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans syslog-ng",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonces des versions de syslog-ng des 07, 14 et 16 janvier 2011",
      "url": null
    }
  ]
}

CERTA-2010-AVI-627

Vulnerability from certfr_avis

De nombreuses vulnérabilités, liées à l'utilisation de versions anciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus dommageables permettent à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Pour la version 9, la révision 9.2.4.1 remédie à ces vulnérabilités. Le correctif de la version 8 n'est pas encore disponible.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Reporter, versions 8.x et 9.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA50 du 19 novembre 2010

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Reporter, versions 8.x et  9.x.\u003c/p\u003e",
  "content": "## Description\n\nDe nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n\n## Solution\n\nPour la version 9, la r\u00e9vision 9.2.4.1 rem\u00e9die \u00e0 ces vuln\u00e9rabilit\u00e9s. Le\ncorrectif de la version 8 n\u0027est pas encore disponible.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2010-0433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0433"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2009-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0789"
    },
    {
      "name": "CVE-2009-1379",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1379"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0591"
    },
    {
      "name": "CVE-2009-1378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1378"
    },
    {
      "name": "CVE-2009-1377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1377"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2010-0740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0740"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2009-4355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-4355"
    }
  ],
  "initial_release_date": "2010-12-23T00:00:00",
  "last_revision_date": "2010-12-23T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-627",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s, li\u00e9es \u00e0 l\u0027utilisation de versions\nanciennes du code OpenSSL, affectent Blue Coat Reporter. Les plus\ndommageables permettent \u00e0 un utilisateur malveillant d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Blue Coat Reporter",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA50 du 19 novembre 2010",
      "url": "http://kb.bluecoat.com/index?page=content\u0026id=SA50"
    }
  ]
}

CERTA-2010-AVI-237

Vulnerability from certfr_avis

Deux vulnérabilités ont été découvertes dans OpenSSL et permettent à une personne malintentionnée de contourner la politique de sécurité ou d'exécuter du code arbitraire à distance.

Description

Deux vulnérabilités ont été découvertes dans OpenSSL :

une erreur dans la gestion des données OriginatorInfo de la structure CMS permet à une personne malintentionnée d'exécuter du code arbitraire à distance (CVE-2010-0742) ;
une erreur dans la fonction EVP_PKEY_verify_recover() permet à une personne malintentionnée de contourner le système de vérification des clés (CVE-2010-1633).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	OpenSSL	OpenSSL	OpenSSL versions antérieures à la 0.9.8o ;
	OpenSSL	OpenSSL	OpenSSL versions antérieures à la 1.0.0a.

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 01 juin 2010	None	vendor-advisory
Bulletin de sécurité HP c2629503 du 01 décembre 2010 :	-	other
Bulletin de sécurité HP c2629503 du 01 décembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions ant\u00e9rieures \u00e0 la 0.9.8o ;",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions ant\u00e9rieures \u00e0 la 1.0.0a.",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL :\n\n-   une erreur dans la gestion des donn\u00e9es OriginatorInfo de la\n    structure CMS permet \u00e0 une personne malintentionn\u00e9e d\u0027ex\u00e9cuter du\n    code arbitraire \u00e0 distance (CVE-2010-0742) ;\n-   une erreur dans la fonction EVP_PKEY_verify_recover() permet \u00e0 une\n    personne malintentionn\u00e9e de contourner le syst\u00e8me de v\u00e9rification\n    des cl\u00e9s (CVE-2010-1633).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2010-1633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1633"
    }
  ],
  "initial_release_date": "2010-06-04T00:00:00",
  "last_revision_date": "2010-12-03T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c2629503 du 01 d\u00e9cembre 2010 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c2629503"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 HP c2629503 du 01 d\u00e9cembre 2010 :",
      "url": "http://www13.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c2629503"
    }
  ],
  "reference": "CERTA-2010-AVI-237",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-06-04T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin HP.",
      "revision_date": "2010-12-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL et permettent \u00e0 une\npersonne malintentionn\u00e9e de contourner la politique de s\u00e9curit\u00e9 ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 01 juin 2010",
      "url": "http://www.openssl.org/news/secadv_20100601.txt"
    }
  ]
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0742 (GCVE-0-2010-0742)

Vulnerability from cvelistv5

CERTFR-2021-AVI-033

Vulnerability from certfr_avis

Solution

CERTA-2011-AVI-032

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-AVI-627

Vulnerability from certfr_avis

Description

Solution

CERTA-2010-AVI-237

Vulnerability from certfr_avis

Description

Solution

CERTFR-2021-AVI-669

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature