cvelistv5 - cve-2017-3732

CVE-2017-3732 (GCVE-0-2017-3732)

Vulnerability from cvelistv5

Published

2017-05-04 19:00

Modified

2024-09-16 22:08

Severity ?

CWE

carry-propagating bug

Summary

There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:2185	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2186	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2713	vendor-advisory, x_refsource_REDHAT
	https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b	x_refsource_MISC
	https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc	vendor-advisory, x_refsource_FREEBSD
	https://www.openssl.org/news/secadv/20170126.txt	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1037717	vdb-entry, x_refsource_SECTRACK
	https://access.redhat.com/errata/RHSA-2018:2575	vendor-advisory, x_refsource_REDHAT
	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	x_refsource_CONFIRM
	https://www.tenable.com/security/tns-2017-04	x_refsource_CONFIRM
	https://security.gentoo.org/glsa/201702-07	vendor-advisory, x_refsource_GENTOO
	https://access.redhat.com/errata/RHSA-2018:2568	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/95814	vdb-entry, x_refsource_BID
	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03838en_us	x_refsource_CONFIRM
	https://access.redhat.com/errata/RHSA-2018:2187	vendor-advisory, x_refsource_REDHAT
	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: openssl-1.1.0 Version: openssl-1.1.0a Version: openssl-1.1.0b Version: openssl-1.1.0c Version: openssl-1.0.2 Version: openssl-1.0.2a Version: openssl-1.0.2b Version: openssl-1.0.2c Version: openssl-1.0.2d Version: openssl-1.0.2e Version: openssl-1.0.2f Version: openssl-1.0.2g Version: openssl-1.0.2h Version: openssl-1.0.2i Version: openssl-1.0.2j

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T14:39:40.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2185",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2185"
          },
          {
            "name": "RHSA-2018:2186",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2186"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "RHSA-2018:2713",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2713"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
          },
          {
            "name": "FreeBSD-SA-17:02",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
            "name": "1037717",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037717"
          },
          {
            "name": "RHSA-2018:2575",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2575"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2017-04"
          },
          {
            "name": "GLSA-201702-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201702-07"
          },
          {
            "name": "RHSA-2018:2568",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2568"
          },
          {
            "name": "95814",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
          },
          {
            "name": "RHSA-2018:2187",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2187"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "openssl-1.1.0"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0a"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0b"
            },
            {
              "status": "affected",
              "version": "openssl-1.1.0c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2a"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2b"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2c"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2d"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2e"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2f"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2g"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2h"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2i"
            },
            {
              "status": "affected",
              "version": "openssl-1.0.2j"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-Fuzz project"
        }
      ],
      "datePublic": "2017-01-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "carry-propagating bug",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:15.000Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "RHSA-2018:2185",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2185"
        },
        {
          "name": "RHSA-2018:2186",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2186"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "RHSA-2018:2713",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2713"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
        },
        {
          "name": "FreeBSD-SA-17:02",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20170126.txt"
        },
        {
          "name": "1037717",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037717"
        },
        {
          "name": "RHSA-2018:2575",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2575"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2017-04"
        },
        {
          "name": "GLSA-201702-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201702-07"
        },
        {
          "name": "RHSA-2018:2568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2568"
        },
        {
          "name": "95814",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
        },
        {
          "name": "RHSA-2018:2187",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2187"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "title": "BN_mod_exp may produce incorrect results on x86_64",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2017-01-26",
          "ID": "CVE-2017-3732",
          "STATE": "PUBLIC",
          "TITLE": "BN_mod_exp may produce incorrect results on x86_64"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "openssl-1.1.0"
                          },
                          {
                            "version_value": "openssl-1.1.0a"
                          },
                          {
                            "version_value": "openssl-1.1.0b"
                          },
                          {
                            "version_value": "openssl-1.1.0c"
                          },
                          {
                            "version_value": "openssl-1.0.2"
                          },
                          {
                            "version_value": "openssl-1.0.2a"
                          },
                          {
                            "version_value": "openssl-1.0.2b"
                          },
                          {
                            "version_value": "openssl-1.0.2c"
                          },
                          {
                            "version_value": "openssl-1.0.2d"
                          },
                          {
                            "version_value": "openssl-1.0.2e"
                          },
                          {
                            "version_value": "openssl-1.0.2f"
                          },
                          {
                            "version_value": "openssl-1.0.2g"
                          },
                          {
                            "version_value": "openssl-1.0.2h"
                          },
                          {
                            "version_value": "openssl-1.0.2i"
                          },
                          {
                            "version_value": "openssl-1.0.2j"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "OSS-Fuzz project"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "carry-propagating bug"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2185",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2185"
            },
            {
              "name": "RHSA-2018:2186",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2186"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "RHSA-2018:2713",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2713"
            },
            {
              "name": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b",
              "refsource": "MISC",
              "url": "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
            },
            {
              "name": "FreeBSD-SA-17:02",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-17:02.openssl.asc"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20170126.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20170126.txt"
            },
            {
              "name": "1037717",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037717"
            },
            {
              "name": "RHSA-2018:2575",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2575"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2017-04",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2017-04"
            },
            {
              "name": "GLSA-201702-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201702-07"
            },
            {
              "name": "RHSA-2018:2568",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2568"
            },
            {
              "name": "95814",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95814"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03838en_us"
            },
            {
              "name": "RHSA-2018:2187",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2187"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2017-3732",
    "datePublished": "2017-05-04T19:00:00.000Z",
    "dateReserved": "2016-12-16T00:00:00.000Z",
    "dateUpdated": "2024-09-16T22:08:37.371Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2017-AVI-035

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Cisco. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Se référer au bulletin de sécurité de l'éditeur pour le détail des produits affectés.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20170130-openssl du 30 janvier 2017	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20170130-openssl du 30 janvier 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour le d\u00e9tail  des produits affect\u00e9s.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2017-3730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3730"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    }
  ],
  "initial_release_date": "2017-01-31T00:00:00",
  "last_revision_date": "2017-01-31T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170130-openssl du 30    janvier 2017",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170130-openssl"
    }
  ],
  "reference": "CERTFR-2017-AVI-035",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Cisco\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20170130-openssl du 30 janvier 2017",
      "url": null
    }
  ]
}

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.1.x antérieures à 6.1.1.6 iFix2
IBM	N/A	IBM Security SiteProtector System versions 3.0.0.x antérieures à 3.0.0.20
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.x antérieures à 7.0.4.0 iFix1
IBM	N/A	VRA - Vyatta 5600
IBM	WebSphere	IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 à 1.0.0.7 et 2.2.0.0 à 2.2.6.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.2.x antérieures à 6.2.0.6 iFix2
IBM	QRadar	IBM QRadar Network Security versions 5.5.x antérieures à 5.5.0.1
IBM	N/A	IBM DataPower Gateway versions 7.6.x antérieures à 7.6.0.3
IBM	N/A	IBM Social Program Management Design System versions antérieures à 1.4.0
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 6.0.5.x antérieures à 6.0.5.10 iFix4
IBM	N/A	IBM DataPower Gateway versions 7.1.x antérieures à 7.1.0.20
IBM	N/A	IBM DataPower Gateway versions 7.5.2.x antérieures à 7.2.10
IBM	N/A	IBM Cúram Social Program Management (SPM) versions 7.0.x antérieures à 7.0.1.3
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.1.0
IBM	N/A	IBM DataPower Gateway versions 7.2.x antérieures à 7.2.0.17
IBM	QRadar	IBM QRadar Network Security versions 5.4.x antérieures à 5.4.0.6
IBM	N/A	IBM DataPower Gateway versions 7.5.1.x antérieures à 7.1.10
IBM	N/A	IBM Security SiteProtector System versions 3.1.1.x antérieures à 3.1.1.17
IBM	N/A	IBM DataPower Gateway versions 7.5.0.x antérieures à 7.5.0.11
IBM	WebSphere	WebSphere Application Server versions antérieures à 9.0.0.10
IBM	N/A	IBM Voice Gateway versions antérieures à 1.0.0.7a
IBM	N/A	IBM Lotus Protector for Mail Security version 2.8.3.0

References

Title

Publication Time

Tags

Bulletin de sécurité IBM ibm10732880 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739019 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744291 du 05 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744157 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739035 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744557 du 07 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739985 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740799 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10743847 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10736137 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10742369 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10739027 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744247 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10744553 du 06 décembre 2018	None	vendor-advisory
Bulletin de sécurité IBM ibm10740789 du 07 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.1.x ant\u00e9rieures \u00e0 6.1.1.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.0.0.x ant\u00e9rieures \u00e0 3.0.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.x ant\u00e9rieures \u00e0 7.0.4.0 iFix1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VRA - Vyatta 5600",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Java SDK dans IBM WebSphere Application Server versions 1.0.0.0 \u00e0 1.0.0.7 et 2.2.0.0 \u00e0 2.2.6.0",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.6 iFix2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.5.x ant\u00e9rieures \u00e0 5.5.0.1",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.6.x ant\u00e9rieures \u00e0 7.6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Social Program Management Design System versions ant\u00e9rieures \u00e0 1.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 6.0.5.x ant\u00e9rieures \u00e0 6.0.5.10 iFix4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.1.x ant\u00e9rieures \u00e0 7.1.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.2.x ant\u00e9rieures \u00e0 7.2.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM C\u00faram Social Program Management (SPM) versions 7.0.x ant\u00e9rieures \u00e0 7.0.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.2.x ant\u00e9rieures \u00e0 7.2.0.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar Network Security versions 5.4.x ant\u00e9rieures \u00e0 5.4.0.6",
      "product": {
        "name": "QRadar",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.1.x ant\u00e9rieures \u00e0 7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Security SiteProtector System versions 3.1.1.x ant\u00e9rieures \u00e0 3.1.1.17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM DataPower Gateway versions 7.5.0.x ant\u00e9rieures \u00e0 7.5.0.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server versions ant\u00e9rieures \u00e0 9.0.0.10",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Voice Gateway versions ant\u00e9rieures \u00e0 1.0.0.7a",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM Lotus Protector for Mail Security version 2.8.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-16058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16058"
    },
    {
      "name": "CVE-2018-10873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10873"
    },
    {
      "name": "CVE-2018-3721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3721"
    },
    {
      "name": "CVE-2018-16396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16396"
    },
    {
      "name": "CVE-2018-0737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0737"
    },
    {
      "name": "CVE-2018-10933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
    },
    {
      "name": "CVE-2018-16658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16658"
    },
    {
      "name": "CVE-2018-0739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
    },
    {
      "name": "CVE-2018-10902",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10902"
    },
    {
      "name": "CVE-2018-15594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15594"
    },
    {
      "name": "CVE-2018-16151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16151"
    },
    {
      "name": "CVE-2018-8039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8039"
    },
    {
      "name": "CVE-2018-1656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1656"
    },
    {
      "name": "CVE-2018-1671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1671"
    },
    {
      "name": "CVE-2018-2973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2973"
    },
    {
      "name": "CVE-2018-6554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6554"
    },
    {
      "name": "CVE-2018-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1652"
    },
    {
      "name": "CVE-2018-16842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16842"
    },
    {
      "name": "CVE-2018-17182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17182"
    },
    {
      "name": "CVE-2018-2964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2964"
    },
    {
      "name": "CVE-2018-3139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3139"
    },
    {
      "name": "CVE-2018-15572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15572"
    },
    {
      "name": "CVE-2018-14609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14609"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-14618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
    },
    {
      "name": "CVE-2018-16395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16395"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2018-16056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16056"
    },
    {
      "name": "CVE-2018-3180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3180"
    },
    {
      "name": "CVE-2018-1900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1900"
    },
    {
      "name": "CVE-2018-14617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14617"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2018-16839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16839"
    },
    {
      "name": "CVE-2018-14633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14633"
    },
    {
      "name": "CVE-2018-14678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14678"
    },
    {
      "name": "CVE-2018-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13099"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-9516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
    },
    {
      "name": "CVE-2018-9363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
    },
    {
      "name": "CVE-2018-16152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16152"
    },
    {
      "name": "CVE-2018-10938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-10938"
    },
    {
      "name": "CVE-2018-14734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-14734"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2018-1957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1957"
    },
    {
      "name": "CVE-2018-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1654"
    },
    {
      "name": "CVE-2018-0495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0495"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    },
    {
      "name": "CVE-2018-8013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8013"
    },
    {
      "name": "CVE-2018-12539",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12539"
    },
    {
      "name": "CVE-2018-16276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16276"
    }
  ],
  "initial_release_date": "2018-12-10T00:00:00",
  "last_revision_date": "2018-12-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-589",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-12-10T00:00:00.000000"
    },
    {
      "description": "Ajout de deux bulletins de s\u00e9curit\u00e9 IBM Lotus Protector",
      "revision_date": "2018-12-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    },
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10732880 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10732880"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739019 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739019"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744291 du 05 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744291"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744157 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744157"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739035 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739035"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744557 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744557"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739985 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739985"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740799 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740799"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10743847 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10743847"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10736137 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10736137"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10742369 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10742369"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10739027 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10739027"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744247 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744247"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10744553 du 06 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10744553"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM ibm10740789 du 07 d\u00e9cembre 2018",
      "url": "https://www-01.ibm.com/support/docview.wss?uid=ibm10740789"
    }
  ]
}

CERTFR-2018-AVI-184

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier 8.2.0 antérieures à 8.2.0-R18
Juniper Networks	N/A	CTPOS versions antérieures à 7.3R4 ou 7.4R1
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D100
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D66, 12.3X48-D70
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D59
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D58 on EX2300/EX3400
Juniper Networks	N/A	CentOS versions 6.5 antérieures à 2012.2R12
Juniper Networks	Junos OS	Junos OS versions 14.2 antérieures à 14.2R8
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D50
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233 on QFX5200/QFX5110
Juniper Networks	Junos OS	Junos OS versions 16.1X70 antérieures à 16.1X70-D10
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D90
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S6, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D60
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.3.0.x antérieures à 8.3.0-R11
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R2-S3, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D65
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7
Juniper Networks	N/A	NSM versions antérieures à 2012.2R14
Juniper Networks	Junos OS	Junos OS versions 17.2X75 antérieures à 17.2X75-D70
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D35 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66, 15.1X53-D233, 15.1X53-D471
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R2
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 16.1X65 antérieures à 16.1X65-D47
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1R4-S9, 15.1R6-S6, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 14.1 antérieures à 14.1R10, 14.1R9
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D47
Juniper Networks	Junos OS	Junos OS versions 16.2 antérieures à 16.2R1-S6, 16.2R2-S5, 16.2R3
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66
Juniper Networks	Junos OS	Junos OS versions 12.3 antérieures à 12.3R12-S7, 12.3R13
Juniper Networks	N/A	CTPView versions antérieures à 7.3R4 ou 7.4R2
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D471 on NFX
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R5-S3, 16.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D76
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10K
N/A	N/A	Junos Snapshot Administrator (JSNAPy) versions antérieures à 1.3.0
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S5, 17.2R2
Juniper Networks	N/A	NorthStar Controller versions 3.2.x antérieures à 3.2.1
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F2-S20, 15.1F6-S10, 15.1R7
Juniper Networks	Junos OS	Junos OS versions 12.1X46 antérieures à 12.1X46-D60 sur SRX
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D131, 15.1X49-D140
Juniper Networks	Junos OS	Junos OS versions 15.1 antérieures à 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5
Juniper Networks	N/A	NorthStar Controller versions 3.0.x antérieures à 3.0.1
Juniper Networks	Junos OS	Junos OS versions 12.3X48 antérieures à 12.3X48-D55
Juniper Networks	Junos OS	Junos OS versions 17.1 antérieures à 17.1R1-S7, 17.1R2-S6, 17.1R3
Juniper Networks	Junos OS	Junos OS versions 15.1X49 antérieures à 15.1X49-D130
Juniper Networks	Junos OS	Junos OS versions 15.1X53 antérieures à 15.1X53-D66 sur QFX10
Juniper Networks	N/A	Steel-Belted Radius (SBR) Carrier versions 8.4.1.x antérieures à 8.4.1-R5
Juniper Networks	Junos OS	Junos OS versions 14.1X53 antérieures à 14.1X53-D130
Juniper Networks	Junos OS	Junos OS versions 16.1 antérieures à 16.1R3-S8, 16.1R4-S8, 16.1R5
Juniper Networks	Junos OS	Junos OS versions 17.2 antérieures à 17.2R1-S3, 17.2R2-S1, 17.2R3

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10852 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10847 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10845 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10850 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10855 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10844 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10846 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10851 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10856 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10849 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10853 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10854 du 11 avril 2018	None	vendor-advisory
Bulletin de sécurité Juniper JSA10848 du 11 avril 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Steel-Belted Radius (SBR) Carrier 8.2.0 ant\u00e9rieures \u00e0 8.2.0-R18",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D100",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D66, 12.3X48-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D59",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D58 on EX2300/EX3400",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CentOS versions 6.5 ant\u00e9rieures \u00e0 2012.2R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.2 ant\u00e9rieures \u00e0 14.2R8",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S9, 16.1R5-S3, 16.1R6-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D50",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233 on QFX5200/QFX5110",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X70 ant\u00e9rieures \u00e0 16.1X70-D10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D90",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S6, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D60",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.3.0.x ant\u00e9rieures \u00e0 8.3.0-R11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R2-S3, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D65",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NSM versions ant\u00e9rieures \u00e0 2012.2R14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2X75 ant\u00e9rieures \u00e0 17.2X75-D70",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D35 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66, 15.1X53-D233, 15.1X53-D471",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1X65 ant\u00e9rieures \u00e0 16.1X65-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1R4-S9, 15.1R6-S6, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1 ant\u00e9rieures \u00e0 14.1R10, 14.1R9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D47",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.2 ant\u00e9rieures \u00e0 16.2R1-S6, 16.2R2-S5, 16.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D233, 15.1X53-D471, 15.1X53-D472, 15.1X53-D58, 15.1X53-D66",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3 ant\u00e9rieures \u00e0 12.3R12-S7, 12.3R13",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView versions ant\u00e9rieures \u00e0 7.3R4 ou 7.4R2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D471 on NFX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R5-S3, 16.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D76",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10K",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos Snapshot Administrator (JSNAPy) versions ant\u00e9rieures \u00e0 1.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S5, 17.2R2",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.2.x ant\u00e9rieures \u00e0 3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F2-S20, 15.1F6-S10, 15.1R7",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.1X46 ant\u00e9rieures \u00e0 12.1X46-D60 sur SRX",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D131, 15.1X49-D140",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 ant\u00e9rieures \u00e0 15.1F5-S3, 15.1F6-S8, 15.1F7, 15.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller versions 3.0.x ant\u00e9rieures \u00e0 3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 12.3X48 ant\u00e9rieures \u00e0 12.3X48-D55",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.1 ant\u00e9rieures \u00e0 17.1R1-S7, 17.1R2-S6, 17.1R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X49 ant\u00e9rieures \u00e0 15.1X49-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1X53 ant\u00e9rieures \u00e0 15.1X53-D66 sur QFX10",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Steel-Belted Radius (SBR) Carrier versions 8.4.1.x ant\u00e9rieures \u00e0 8.4.1-R5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 14.1X53 ant\u00e9rieures \u00e0 14.1X53-D130",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 16.1 ant\u00e9rieures \u00e0 16.1R3-S8, 16.1R4-S8, 16.1R5",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 17.2 ant\u00e9rieures \u00e0 17.2R1-S3, 17.2R2-S1, 17.2R3",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-8767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8767"
    },
    {
      "name": "CVE-2018-0020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0020"
    },
    {
      "name": "CVE-2016-5829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5829"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2015-8324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8324"
    },
    {
      "name": "CVE-2018-0017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0017"
    },
    {
      "name": "CVE-2013-4312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4312"
    },
    {
      "name": "CVE-2018-0021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0021"
    },
    {
      "name": "CVE-2015-5156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5156"
    },
    {
      "name": "CVE-2013-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1762"
    },
    {
      "name": "CVE-2016-4470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4470"
    },
    {
      "name": "CVE-2017-1000385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000385"
    },
    {
      "name": "CVE-2017-3737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
    },
    {
      "name": "CVE-2018-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0016"
    },
    {
      "name": "CVE-2016-1583",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1583"
    },
    {
      "name": "CVE-2014-7842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7842"
    },
    {
      "name": "CVE-2015-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3644"
    },
    {
      "name": "CVE-2016-2550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2550"
    },
    {
      "name": "CVE-2016-5696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5696"
    },
    {
      "name": "CVE-2015-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2925"
    },
    {
      "name": "CVE-2018-0019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0019"
    },
    {
      "name": "CVE-2016-4565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4565"
    },
    {
      "name": "CVE-2018-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0022"
    },
    {
      "name": "CVE-2014-0016",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0016"
    },
    {
      "name": "CVE-2016-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774"
    },
    {
      "name": "CVE-2015-7550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7550"
    },
    {
      "name": "CVE-2014-8134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8134"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3736"
    },
    {
      "name": "CVE-2015-2080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2080"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2015-8543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8543"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2017-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3738"
    },
    {
      "name": "CVE-2015-7613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7613"
    },
    {
      "name": "CVE-2015-5157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5157"
    },
    {
      "name": "CVE-2008-2420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2420"
    },
    {
      "name": "CVE-2008-2400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2400"
    },
    {
      "name": "CVE-2018-0018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0018"
    },
    {
      "name": "CVE-2015-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1805"
    },
    {
      "name": "CVE-2018-0023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0023"
    },
    {
      "name": "CVE-2010-5313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-5313"
    },
    {
      "name": "CVE-2015-7872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7872"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-2143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2143"
    }
  ],
  "initial_release_date": "2018-04-16T00:00:00",
  "last_revision_date": "2018-04-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-184",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-04-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10852 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10852\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10847 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10847\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10845 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10845\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10850 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10850\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10855 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10855\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10844 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10844\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10846 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10846\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10851 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10851\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10856 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10856\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10849 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10849\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10853 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10853\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10854 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10854\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10848 du 11 avril 2018",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10848\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-212

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	CTPView 7.1, 7.2 et 7.3
N/A	N/A	CTPOS 7.0, 7.1, 7.2 et 7.3
N/A	N/A	ScreenOS versions antérieures à 6.3.0r24
Juniper Networks	Junos OS	Junos OS toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10797 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10794 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10789 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10800 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10793 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10791 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10775 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10795 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10790 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10779 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10787 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10799 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10796 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10792 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10798 du 12 juillet 2017	None	vendor-advisory
Bulletin de sécurité Juniper JSA10782 du 12 juillet 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "CTPView 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CTPOS 7.0, 7.1, 7.2 et 7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ScreenOS versions ant\u00e9rieures \u00e0 6.3.0r24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2341"
    },
    {
      "name": "CVE-2017-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3135"
    },
    {
      "name": "CVE-2017-2346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2346"
    },
    {
      "name": "CVE-2016-7426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7426"
    },
    {
      "name": "CVE-2017-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2347"
    },
    {
      "name": "CVE-2017-2338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2338"
    },
    {
      "name": "CVE-2017-2348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2348"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2016-7433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7433"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2016-7434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7434"
    },
    {
      "name": "CVE-2017-2336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2336"
    },
    {
      "name": "CVE-2017-2337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2337"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-10605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-10605"
    },
    {
      "name": "CVE-2017-2344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2344"
    },
    {
      "name": "CVE-2017-2345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2345"
    },
    {
      "name": "CVE-2017-2343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2343"
    },
    {
      "name": "CVE-2017-2339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2339"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    },
    {
      "name": "CVE-2016-1887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1887"
    },
    {
      "name": "CVE-2016-9312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9312"
    },
    {
      "name": "CVE-2016-7428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7428"
    },
    {
      "name": "CVE-2016-3074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3074"
    },
    {
      "name": "CVE-2017-2314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2314"
    },
    {
      "name": "CVE-2017-2342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2342"
    },
    {
      "name": "CVE-2017-2335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2335"
    }
  ],
  "initial_release_date": "2017-07-12T00:00:00",
  "last_revision_date": "2017-07-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2017-AVI-212",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10797 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10797\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10794 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10794\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10789 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10789\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10800 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10800\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10793 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10793\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10791 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10791\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10775 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10775\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10795 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10795\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10790 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10790\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10779 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10779\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10787 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10787\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10799 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10799\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10796 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10796\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10792 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10792\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10798 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10798\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10782 du 12 juillet 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10782\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2017-AVI-122

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	Oracle MySQL Cluster versions 7.2.27 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 3.12.3 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 5.1.41 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.4.14 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.2.1182 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Backup versions 4.0.3 et antérieures
Oracle	MySQL	Oracle MySQL Workbench versions 6.3.8 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.6.35 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et antérieures
Oracle	MySQL	Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.7.17 et antérieures
Oracle	MySQL	Oracle MySQL Connectors versions 2.1.5 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.5.5 et antérieures
Oracle	MySQL	Oracle MySQL Server versions 5.5.54 et antérieures
Oracle	MySQL	Oracle MySQL Cluster versions 7.3.16 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2017-3236618 du 18 avril 2017	-	other
Bulletin de sécurité Oracle cpuapr2017verbose-3236619 du 18 avril 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle MySQL Cluster versions 7.2.27 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 3.12.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 5.1.41 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.4.14 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.2.1182 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Backup versions 4.0.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Workbench versions 6.3.8 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.6.35 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.1.6.8003 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Enterprise Monitor versions 3.3.2.1162 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.7.17 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Connectors versions 2.1.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.5.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Server versions 5.5.54 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle MySQL Cluster versions 7.3.16 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3458"
    },
    {
      "name": "CVE-2017-3462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3462"
    },
    {
      "name": "CVE-2017-3467",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3467"
    },
    {
      "name": "CVE-2017-3306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3306"
    },
    {
      "name": "CVE-2017-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3456"
    },
    {
      "name": "CVE-2016-3092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3092"
    },
    {
      "name": "CVE-2017-3468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3468"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2017-3600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3600"
    },
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2017-3460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3460"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2017-3307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3307"
    },
    {
      "name": "CVE-2017-3453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3453"
    },
    {
      "name": "CVE-2017-3469",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3469"
    },
    {
      "name": "CVE-2017-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3590"
    },
    {
      "name": "CVE-2017-3308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3308"
    },
    {
      "name": "CVE-2017-3599",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3599"
    },
    {
      "name": "CVE-2017-3586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3586"
    },
    {
      "name": "CVE-2017-3463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3463"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3461"
    },
    {
      "name": "CVE-2017-3455",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3455"
    },
    {
      "name": "CVE-2017-3302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3302"
    },
    {
      "name": "CVE-2017-3454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3454"
    },
    {
      "name": "CVE-2017-3450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3450"
    },
    {
      "name": "CVE-2017-3457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3457"
    },
    {
      "name": "CVE-2017-3465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3465"
    },
    {
      "name": "CVE-2017-3589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3589"
    },
    {
      "name": "CVE-2017-3452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3452"
    },
    {
      "name": "CVE-2017-3331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3331"
    },
    {
      "name": "CVE-2017-3464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3464"
    },
    {
      "name": "CVE-2017-3304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3304"
    },
    {
      "name": "CVE-2017-5638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5638"
    },
    {
      "name": "CVE-2017-3305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3305"
    },
    {
      "name": "CVE-2017-3329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3329"
    },
    {
      "name": "CVE-2017-3309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3309"
    },
    {
      "name": "CVE-2017-3459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3459"
    }
  ],
  "initial_release_date": "2017-04-19T00:00:00",
  "last_revision_date": "2017-04-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril    2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18    avril 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017verbose-3236619.html#MSQL"
    }
  ],
  "reference": "CERTFR-2017-AVI-122",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle MySQL\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017verbose-3236619 du 18 avril 2017",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2017-3236618 du 18 avril 2017",
      "url": null
    }
  ]
}

CERTFR-2017-AVI-224

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Server versions 7.3.5 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.36 et antérieures
Oracle	MySQL	MySQL Connectors versions 5.3.7 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 3.2.7.1204 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 3.1.5.7958 et antérieures
Oracle	MySQL	MySQL Server versions 5.5.56 et antérieures
Oracle	MySQL	MySQL Connectors versions 6.1.19 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 3.3.3.1199 et antérieures
Oracle	MySQL	MySQL Server versions 5.7.18 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	None	vendor-advisory
Bulletin de sécurité Oracle cpujul2017-3236622 du 17 juillet 2017	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Server versions 7.3.5 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.6.36 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 5.3.7 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 3.2.7.1204 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 3.1.5.7958 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.5.56 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 6.1.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 3.3.3.1199 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.7.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-5651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5651"
    },
    {
      "name": "CVE-2016-4436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4436"
    },
    {
      "name": "CVE-2017-3644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3644"
    },
    {
      "name": "CVE-2017-3652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3652"
    },
    {
      "name": "CVE-2017-3650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3650"
    },
    {
      "name": "CVE-2017-3636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3636"
    },
    {
      "name": "CVE-2017-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3653"
    },
    {
      "name": "CVE-2017-3649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3649"
    },
    {
      "name": "CVE-2017-3637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3637"
    },
    {
      "name": "CVE-2017-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3634"
    },
    {
      "name": "CVE-2017-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3642"
    },
    {
      "name": "CVE-2017-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3647"
    },
    {
      "name": "CVE-2017-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3646"
    },
    {
      "name": "CVE-2017-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3645"
    },
    {
      "name": "CVE-2017-3638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3638"
    },
    {
      "name": "CVE-2017-3635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3635"
    },
    {
      "name": "CVE-2017-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3643"
    },
    {
      "name": "CVE-2017-3633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3633"
    },
    {
      "name": "CVE-2017-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3640"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2017-3651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3651"
    },
    {
      "name": "CVE-2017-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3639"
    },
    {
      "name": "CVE-2017-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3641"
    },
    {
      "name": "CVE-2017-3648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3648"
    },
    {
      "name": "CVE-2017-5647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5647"
    },
    {
      "name": "CVE-2017-3529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3529"
    },
    {
      "name": "CVE-2014-1912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1912"
    }
  ],
  "initial_release_date": "2017-07-19T00:00:00",
  "last_revision_date": "2017-07-19T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17    juillet 2017",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    }
  ],
  "reference": "CERTFR-2017-AVI-224",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-07-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOracle MySQL\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0\nun attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, un d\u00e9ni de service et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2017-3236622 du 17 juillet 2017",
      "url": null
    }
  ]
}

CERTFR-2018-AVI-343

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS versions 5.4.5 et antérieures
Fortinet	N/A	FortSwitch versions 3.5.2 et antérieures
Fortinet	FortiAnalyzer	FortiAnalyzer versions 5.4.2 et antérieures
Fortinet	N/A	FortiAP versions 5.4.2 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-17-019 du 13 juillet 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS versions 5.4.5 et ant\u00e9rieures",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortSwitch versions 3.5.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAnalyzer versions 5.4.2 et ant\u00e9rieures",
      "product": {
        "name": "FortiAnalyzer",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiAP versions 5.4.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3731"
    },
    {
      "name": "CVE-2017-3732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3732"
    },
    {
      "name": "CVE-2016-7055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7055"
    }
  ],
  "initial_release_date": "2018-07-16T00:00:00",
  "last_revision_date": "2018-07-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-343",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-07-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nFortinet. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-17-019 du 13 juillet 2018",
      "url": "https://fortiguard.com/psirt/FG-IR-17-019"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-3732 (GCVE-0-2017-3732)

Vulnerability from cvelistv5

CERTFR-2017-AVI-035

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-589

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-184

Vulnerability from certfr_avis

Solution

CERTFR-2017-AVI-212

Vulnerability from certfr_avis

Solution

CERTFR-2017-AVI-122

Vulnerability from certfr_avis

Solution

CERTFR-2017-AVI-224

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-343

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature