cvelistv5 - cve-2019-1547

CVE-2019-1547 (GCVE-0-2019-1547)

Vulnerability from cvelistv5

Published

2019-09-10 16:58

Modified

2024-09-16 16:33

Severity ?

CWE

Timing side channel

Summary

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

References

URL

Tags

	https://seclists.org/bugtraq/2019/Sep/25	mailing-list
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/	vendor-advisory
	https://seclists.org/bugtraq/2019/Oct/1	mailing-list
	https://seclists.org/bugtraq/2019/Oct/0	mailing-list
	https://www.debian.org/security/2019/dsa-4539	vendor-advisory
	https://www.debian.org/security/2019/dsa-4540	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html	vendor-advisory
	https://security.gentoo.org/glsa/201911-04	vendor-advisory
	https://usn.ubuntu.com/4376-1/	vendor-advisory
	https://www.oracle.com/security-alerts/cpuapr2020.html
	https://www.oracle.com/security-alerts/cpujul2020.html
	https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
	https://www.tenable.com/security/tns-2019-08
	https://www.oracle.com/security-alerts/cpujan2020.html
	https://www.openssl.org/news/secadv/20190910.txt
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a
	https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46
	https://arxiv.org/abs/1909.01785
	http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html
	https://security.netapp.com/advisory/ntap-20190919-0002/
	https://support.f5.com/csp/article/K73422160?utm_source=f5support&amp%3Butm_medium=RSS
	https://www.tenable.com/security/tns-2019-09
	https://security.netapp.com/advisory/ntap-20200122-0002/
	https://security.netapp.com/advisory/ntap-20200416-0003/
	https://usn.ubuntu.com/4376-2/	vendor-advisory
	https://usn.ubuntu.com/4504-1/	vendor-advisory
	https://www.oracle.com/security-alerts/cpuoct2020.html
	https://kc.mcafee.com/corporate/index?page=content&id=SB10365
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	OpenSSL	OpenSSL	Version: Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c) Version: Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k) Version: Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1547",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T19:04:18.544630Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T19:04:25.516Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:28.292Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Sep/25"
          },
          {
            "name": "openSUSE-SU-2019:2158",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
          },
          {
            "name": "FEDORA-2019-d15aac6c4e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
          },
          {
            "name": "openSUSE-SU-2019:2189",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
          },
          {
            "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
          },
          {
            "name": "FEDORA-2019-d51641f152",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/1"
          },
          {
            "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/0"
          },
          {
            "name": "DSA-4539",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4539"
          },
          {
            "name": "DSA-4540",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4540"
          },
          {
            "name": "openSUSE-SU-2019:2268",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
          },
          {
            "name": "openSUSE-SU-2019:2269",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
          },
          {
            "name": "GLSA-201911-04",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201911-04"
          },
          {
            "name": "USN-4376-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190910.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arxiv.org/abs/1909.01785"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-09"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "name": "USN-4504-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4504-1/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Cesar Pereida Garc\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley"
        }
      ],
      "datePublic": "2019-09-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Low",
              "value": "Low"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Timing side channel",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:06:30.909Z",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "20190912 [slackware-security] openssl (SSA:2019-254-03)",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Sep/25"
        },
        {
          "name": "openSUSE-SU-2019:2158",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html"
        },
        {
          "name": "FEDORA-2019-d15aac6c4e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/"
        },
        {
          "name": "openSUSE-SU-2019:2189",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html"
        },
        {
          "name": "[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html"
        },
        {
          "name": "FEDORA-2019-d51641f152",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4539-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/1"
        },
        {
          "name": "20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/0"
        },
        {
          "name": "DSA-4539",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4539"
        },
        {
          "name": "DSA-4540",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4540"
        },
        {
          "name": "openSUSE-SU-2019:2268",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html"
        },
        {
          "name": "openSUSE-SU-2019:2269",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html"
        },
        {
          "name": "GLSA-201911-04",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201911-04"
        },
        {
          "name": "USN-4376-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4376-1/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-08"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://www.openssl.org/news/secadv/20190910.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46"
        },
        {
          "url": "https://arxiv.org/abs/1909.01785"
        },
        {
          "url": "http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190919-0002/"
        },
        {
          "url": "https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-09"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200122-0002/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20200416-0003/"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "name": "USN-4504-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4504-1/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "ECDSA remote timing attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1547",
    "datePublished": "2019-09-10T16:58:35.307Z",
    "dateReserved": "2018-11-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T16:33:05.874Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://seclists.org/bugtraq/2019/Sep/25\", \"name\": \"20190912 [slackware-security] openssl (SSA:2019-254-03)\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html\", \"name\": \"openSUSE-SU-2019:2158\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/\", \"name\": \"FEDORA-2019-d15aac6c4e\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html\", \"name\": \"openSUSE-SU-2019:2189\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html\", \"name\": \"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/\", \"name\": \"FEDORA-2019-d51641f152\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/1\", \"name\": \"20191001 [SECURITY] [DSA 4539-1] openssl security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/0\", \"name\": \"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update\", \"tags\": [\"mailing-list\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4539\", \"name\": \"DSA-4539\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4540\", \"name\": \"DSA-4540\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html\", \"name\": \"openSUSE-SU-2019:2268\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html\", \"name\": \"openSUSE-SU-2019:2269\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://security.gentoo.org/glsa/201911-04\", \"name\": \"GLSA-201911-04\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4376-1/\", \"name\": \"USN-4376-1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.openssl.org/news/secadv/20190910.txt\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arxiv.org/abs/1909.01785\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.tenable.com/security/tns-2019-09\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200122-0002/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0003/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4376-2/\", \"name\": \"USN-4376-2\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/4504-1/\", \"name\": \"USN-4504-1\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T18:20:28.292Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2019-1547\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-19T19:04:18.544630Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-19T19:04:22.599Z\"}}], \"cna\": {\"title\": \"ECDSA remote timing attack\", \"credits\": [{\"lang\": \"en\", \"value\": \"Cesar Pereida Garc\\u00eda, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley\"}], \"metrics\": [{\"other\": {\"type\": \"unknown\", \"content\": {\"url\": \"https://www.openssl.org/policies/secpolicy.html#Low\", \"lang\": \"eng\", \"value\": \"Low\"}}}], \"affected\": [{\"vendor\": \"OpenSSL\", \"product\": \"OpenSSL\", \"versions\": [{\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c)\"}, {\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k)\"}, {\"status\": \"affected\", \"version\": \"Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s)\"}]}], \"datePublic\": \"2019-09-10T00:00:00.000Z\", \"references\": [{\"url\": \"https://seclists.org/bugtraq/2019/Sep/25\", \"name\": \"20190912 [slackware-security] openssl (SSA:2019-254-03)\", \"tags\": [\"mailing-list\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00054.html\", \"name\": \"openSUSE-SU-2019:2158\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GY6SNRJP2S7Y42GIIDO3HXPNMDYN2U3A/\", \"name\": \"FEDORA-2019-d15aac6c4e\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00072.html\", \"name\": \"openSUSE-SU-2019:2189\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html\", \"name\": \"[debian-lts-announce] 20190925 [SECURITY] [DLA 1932-1] openssl security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZN4VVQJ3JDCHGIHV4Y2YTXBYQZ6PWQ7E/\", \"name\": \"FEDORA-2019-d51641f152\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/1\", \"name\": \"20191001 [SECURITY] [DSA 4539-1] openssl security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://seclists.org/bugtraq/2019/Oct/0\", \"name\": \"20191001 [SECURITY] [DSA 4540-1] openssl1.0 security update\", \"tags\": [\"mailing-list\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4539\", \"name\": \"DSA-4539\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.debian.org/security/2019/dsa-4540\", \"name\": \"DSA-4540\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00012.html\", \"name\": \"openSUSE-SU-2019:2268\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00016.html\", \"name\": \"openSUSE-SU-2019:2269\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201911-04\", \"name\": \"GLSA-201911-04\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4376-1/\", \"name\": \"USN-4376-1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2020.html\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\"}, {\"url\": \"https://www.tenable.com/security/tns-2019-08\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\"}, {\"url\": \"https://www.openssl.org/news/secadv/20190910.txt\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=30c22fa8b1d840036b8e203585738df62a03cec8\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7c1709c2da5414f5b6133d00a03fc8c5bf996c7a\"}, {\"url\": \"https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=21c856b75d81eff61aa63b4f036bb64a85bf6d46\"}, {\"url\": \"https://arxiv.org/abs/1909.01785\"}, {\"url\": \"http://packetstormsecurity.com/files/154467/Slackware-Security-Advisory-openssl-Updates.html\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190919-0002/\"}, {\"url\": \"https://support.f5.com/csp/article/K73422160?utm_source=f5support\u0026amp%3Butm_medium=RSS\"}, {\"url\": \"https://www.tenable.com/security/tns-2019-09\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200122-0002/\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200416-0003/\"}, {\"url\": \"https://usn.ubuntu.com/4376-2/\", \"name\": \"USN-4376-2\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://usn.ubuntu.com/4504-1/\", \"name\": \"USN-4504-1\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2020.html\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240621-0006/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Timing side channel\"}]}], \"providerMetadata\": {\"orgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"shortName\": \"openssl\", \"dateUpdated\": \"2024-06-21T19:06:30.909Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2019-1547\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-16T16:33:05.874Z\", \"dateReserved\": \"2018-11-28T00:00:00.000Z\", \"assignerOrgId\": \"3a12439a-ef3a-4c79-92e6-6081a721f1e5\", \"datePublished\": \"2019-09-10T16:58:35.307Z\", \"assignerShortName\": \"openssl\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2019-AVI-657

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Tenable.sc de Tenable. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	N/A	Tenable.sc versions antérieures à 5.13.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2019-09 du 30 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Tenable.sc versions ant\u00e9rieures \u00e0 5.13.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-3169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3169"
    },
    {
      "name": "CVE-2017-7659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7659"
    },
    {
      "name": "CVE-2018-1333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1333"
    },
    {
      "name": "CVE-2017-7668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7668"
    },
    {
      "name": "CVE-2017-9798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
    },
    {
      "name": "CVE-2018-1283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1283"
    },
    {
      "name": "CVE-2018-1312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1312"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2018-1301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1301"
    },
    {
      "name": "CVE-2017-9788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9788"
    },
    {
      "name": "CVE-2018-17189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17189"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2019-1563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
    },
    {
      "name": "CVE-2018-17199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17199"
    },
    {
      "name": "CVE-2018-1303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1303"
    },
    {
      "name": "CVE-2017-3167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3167"
    },
    {
      "name": "CVE-2017-7679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7679"
    },
    {
      "name": "CVE-2017-15710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15710"
    },
    {
      "name": "CVE-2018-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1302"
    },
    {
      "name": "CVE-2019-3465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3465"
    },
    {
      "name": "CVE-2017-15715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15715"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2018-11763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
    }
  ],
  "initial_release_date": "2019-12-31T00:00:00",
  "last_revision_date": "2019-12-31T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-657",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable.sc de\nTenable. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, un contournement de la politique de\ns\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable.sc",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-09 du 30 d\u00e9cembre 2019",
      "url": "https://fr.tenable.com/security/tns-2019-09"
    }
  ]
}

CERTFR-2020-AVI-691

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper JIMS versions antérieures à 1.2.1 et 1.3.0
N/A	N/A	Juniper SBR Carrier tout versions antérieures à 8.5.0-R17
N/A	N/A	Juniper Contrail Networking versions antérieures à R2008
N/A	N/A	Juniper SBR Carrier 8.6 versions antérieures à 8.6.0-R12

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11087 du 28 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11074 du 28 octobre 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11073 du 28 octobre 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper JIMS versions ant\u00e9rieures \u00e0 1.2.1 et 1.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SBR Carrier tout versions ant\u00e9rieures \u00e0 8.5.0-R17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Contrail Networking versions ant\u00e9rieures \u00e0 R2008",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SBR Carrier 8.6 versions ant\u00e9rieures \u00e0 8.6.0-R12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
    },
    {
      "name": "CVE-2020-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
    },
    {
      "name": "CVE-2019-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
    },
    {
      "name": "CVE-2020-2773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
    },
    {
      "name": "CVE-2020-2805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
    },
    {
      "name": "CVE-2020-2830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
    },
    {
      "name": "CVE-2020-2781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
    },
    {
      "name": "CVE-2018-5730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5730"
    },
    {
      "name": "CVE-2019-14846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14846"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2016-9843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9843"
    },
    {
      "name": "CVE-2020-2754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
    },
    {
      "name": "CVE-2019-1543",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2019-1563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
    },
    {
      "name": "CVE-2016-9841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9841"
    },
    {
      "name": "CVE-2018-20217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20217"
    },
    {
      "name": "CVE-2020-2755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
    },
    {
      "name": "CVE-2020-2800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
    },
    {
      "name": "CVE-2018-0732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
    },
    {
      "name": "CVE-2018-20843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20843"
    },
    {
      "name": "CVE-2019-1559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1559"
    },
    {
      "name": "CVE-2020-1967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1967"
    },
    {
      "name": "CVE-2020-2757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
    },
    {
      "name": "CVE-2020-5260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-5260"
    },
    {
      "name": "CVE-2018-5729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5729"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2020-2756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
    },
    {
      "name": "CVE-2019-15903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15903"
    },
    {
      "name": "CVE-2019-13734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13734"
    }
  ],
  "initial_release_date": "2020-10-29T00:00:00",
  "last_revision_date": "2020-10-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-691",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-10-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11087 du 28 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11087\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11074 du 28 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11074\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11073 du 28 octobre 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11073\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2024-AVI-0262

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	IBM	Spectrum	IBM Spectrum Protect Server versions 8.1.x antérieures à 8.1.22
	IBM	QRadar SIEM	IBM QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7145367 du 27 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7144911 du 25 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7145265 du 26 mars 2024	None	vendor-advisory
Bulletin de sécurité IBM 7145262 du 26 mars 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "IBM Spectrum Protect Server versions 8.1.x ant\u00e9rieures \u00e0 8.1.22",
      "product": {
        "name": "Spectrum",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "IBM QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP8",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-7104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
    },
    {
      "name": "CVE-2022-48564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564"
    },
    {
      "name": "CVE-2022-36760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-36760"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2021-28957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28957"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2020-10683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10683"
    },
    {
      "name": "CVE-2023-4091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4091"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-36632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632"
    },
    {
      "name": "CVE-2022-25647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-48565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565"
    },
    {
      "name": "CVE-2020-10735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
    },
    {
      "name": "CVE-2023-42669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42669"
    },
    {
      "name": "CVE-2023-50961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50961"
    },
    {
      "name": "CVE-2023-4813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4813"
    },
    {
      "name": "CVE-2023-34968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34968"
    },
    {
      "name": "CVE-2023-42753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42753"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2020-25659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25659"
    },
    {
      "name": "CVE-2023-23931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23931"
    },
    {
      "name": "CVE-2022-40303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40303"
    },
    {
      "name": "CVE-2023-34967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34967"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2019-1563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
    },
    {
      "name": "CVE-2018-17196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-17196"
    },
    {
      "name": "CVE-2023-3961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3961"
    },
    {
      "name": "CVE-2020-36242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
    },
    {
      "name": "CVE-2020-1968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
    },
    {
      "name": "CVE-2023-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6481"
    },
    {
      "name": "CVE-2023-6129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6129"
    },
    {
      "name": "CVE-2023-42503",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-42503"
    },
    {
      "name": "CVE-2023-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4806"
    },
    {
      "name": "CVE-2023-34966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34966"
    },
    {
      "name": "CVE-2022-40304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
    },
    {
      "name": "CVE-2022-26377",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26377"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2023-50960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50960"
    },
    {
      "name": "CVE-2020-28493",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28493"
    },
    {
      "name": "CVE-2022-2127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2127"
    },
    {
      "name": "CVE-2020-27783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27783"
    },
    {
      "name": "CVE-2023-5678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5678"
    },
    {
      "name": "CVE-2021-43818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43818"
    },
    {
      "name": "CVE-2018-1000632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
    }
  ],
  "initial_release_date": "2024-03-29T00:00:00",
  "last_revision_date": "2024-03-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0262",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145367 du 27 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7145367"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7144911 du 25 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7144911"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145265 du 26 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7145265"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7145262 du 26 mars 2024",
      "url": "https://www.ibm.com/support/pages/node/7145262"
    }
  ]
}

CERTFR-2020-AVI-218

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Client versions 5.6.47 et antérieures, 5.7.29 et antérieures, 8.0.18 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.3.28 et antérieures, 7.4.27 et antérieures, 7.5.17 et antérieures, 7.6.13 et antérieures, 8.0.19 et antérieures
Oracle	MySQL	MySQL Workbench versions 8.0.19 et antérieures
Oracle	MySQL	MySQL Enterprise Monitor versions 4.0.11.5331 et antérieures, 8.0.18.1217 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.47 et antérieures, 5.7.29 et antérieures, 8.0.19 et antérieures
Oracle	MySQL	MySQL Connectors versions 5.1.48 et antérieures, 8.0.19 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuapr2020 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Oracle cpuapr2020verbose du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Client versions 5.6.47 et ant\u00e9rieures, 5.7.29 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.3.28 et ant\u00e9rieures, 7.4.27 et ant\u00e9rieures, 7.5.17 et ant\u00e9rieures, 7.6.13 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Workbench versions 8.0.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Monitor versions 4.0.11.5331 et ant\u00e9rieures, 8.0.18.1217 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.6.47 et ant\u00e9rieures, 5.7.29 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 5.1.48 et ant\u00e9rieures, 8.0.19 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2921"
    },
    {
      "name": "CVE-2020-2933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2933"
    },
    {
      "name": "CVE-2020-2875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2875"
    },
    {
      "name": "CVE-2020-2752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2752"
    },
    {
      "name": "CVE-2020-2892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2892"
    },
    {
      "name": "CVE-2020-2853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2853"
    },
    {
      "name": "CVE-2020-2774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2774"
    },
    {
      "name": "CVE-2020-2934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2934"
    },
    {
      "name": "CVE-2020-2901",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2901"
    },
    {
      "name": "CVE-2020-2760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2760"
    },
    {
      "name": "CVE-2020-2804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2804"
    },
    {
      "name": "CVE-2020-2928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2928"
    },
    {
      "name": "CVE-2020-2770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2770"
    },
    {
      "name": "CVE-2020-2761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2761"
    },
    {
      "name": "CVE-2019-19646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19646"
    },
    {
      "name": "CVE-2020-2897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2897"
    },
    {
      "name": "CVE-2020-2922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2922"
    },
    {
      "name": "CVE-2020-2930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2930"
    },
    {
      "name": "CVE-2020-2893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2893"
    },
    {
      "name": "CVE-2020-2790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2790"
    },
    {
      "name": "CVE-2020-2903",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2903"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2020-2768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2768"
    },
    {
      "name": "CVE-2020-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2926"
    },
    {
      "name": "CVE-2020-2904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2904"
    },
    {
      "name": "CVE-2020-2812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2812"
    },
    {
      "name": "CVE-2020-2896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2896"
    },
    {
      "name": "CVE-2020-2763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2763"
    },
    {
      "name": "CVE-2020-2814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2814"
    },
    {
      "name": "CVE-2020-2779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2779"
    },
    {
      "name": "CVE-2020-2759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2759"
    },
    {
      "name": "CVE-2020-2806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2806"
    },
    {
      "name": "CVE-2020-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2895"
    },
    {
      "name": "CVE-2020-2762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2762"
    },
    {
      "name": "CVE-2020-2925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2925"
    },
    {
      "name": "CVE-2019-5482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5482"
    },
    {
      "name": "CVE-2020-2780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2780"
    },
    {
      "name": "CVE-2019-14889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-14889"
    },
    {
      "name": "CVE-2019-17563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17563"
    },
    {
      "name": "CVE-2020-2765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2765"
    },
    {
      "name": "CVE-2019-15601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15601"
    },
    {
      "name": "CVE-2020-2898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2898"
    },
    {
      "name": "CVE-2020-2923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2923"
    },
    {
      "name": "CVE-2020-2924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2924"
    }
  ],
  "initial_release_date": "2020-04-15T00:00:00",
  "last_revision_date": "2020-04-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-218",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
      "url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#MSQL"
    }
  ]
}

CERTFR-2020-AVI-036

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle MySQL. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	MySQL	MySQL Client versions 5.6.46 et antérieures, 5.7.28 et antérieures, 8.0.18 et antérieures
Oracle	MySQL	MySQL Server versions 5.6.46 et antérieures, 5.7.28 et antérieures, 8.0.18 et antérieures
Oracle	MySQL	MySQL Connectors versions 5.3.13 et antérieures, 8.0.18 et antérieures
Oracle	MySQL	MySQL Enterprise Backup versions 3.12.4 et antérieures, 4.1.3 et antérieures
Oracle	MySQL	MySQL Cluster versions 7.3.27 et antérieures, 7.4.25 et antérieures, 7.5.15 et antérieures, 7.6.12 et antérieures
Oracle	MySQL	MySQL Workbench versions 8.0.18 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2020 du 14 janvier 2020	None	vendor-advisory
Bulletin de sécurité Oracle cpujan2020verbose du 14 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "MySQL Client versions 5.6.46 et ant\u00e9rieures, 5.7.28 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Server versions 5.6.46 et ant\u00e9rieures, 5.7.28 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Connectors versions 5.3.13 et ant\u00e9rieures, 8.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Enterprise Backup versions 3.12.4 et ant\u00e9rieures, 4.1.3 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Cluster versions 7.3.27 et ant\u00e9rieures, 7.4.25 et ant\u00e9rieures, 7.5.15 et ant\u00e9rieures, 7.6.12 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "MySQL Workbench versions 8.0.18 et ant\u00e9rieures",
      "product": {
        "name": "MySQL",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2686"
    },
    {
      "name": "CVE-2020-2694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2694"
    },
    {
      "name": "CVE-2020-2679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2679"
    },
    {
      "name": "CVE-2020-2574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2574"
    },
    {
      "name": "CVE-2020-2660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2660"
    },
    {
      "name": "CVE-2020-2579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2579"
    },
    {
      "name": "CVE-2020-2577",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2577"
    },
    {
      "name": "CVE-2020-2580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2580"
    },
    {
      "name": "CVE-2019-8457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
    },
    {
      "name": "CVE-2020-2627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2627"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2020-2589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2589"
    },
    {
      "name": "CVE-2020-2588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2588"
    },
    {
      "name": "CVE-2020-2573",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2573"
    },
    {
      "name": "CVE-2020-2572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2572"
    },
    {
      "name": "CVE-2020-2570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2570"
    },
    {
      "name": "CVE-2019-16168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16168"
    },
    {
      "name": "CVE-2020-2584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2584"
    }
  ],
  "initial_release_date": "2020-01-15T00:00:00",
  "last_revision_date": "2020-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle MySQL.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle MySQL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020verbose du 14 janvier 2020",
      "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html#MSQL"
    }
  ]
}

CERTFR-2019-AVI-511

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Virtualization	Oracle VM VirtualBox versions antérieures à 5.2.34
	Oracle	Virtualization	Oracle VM VirtualBox versions 6.0.x antérieures à 6.0.14

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpuoct2019-5072832 du 15 octobre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.34",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VM VirtualBox versions 6.0.x ant\u00e9rieures \u00e0 6.0.14",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-2984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2984"
    },
    {
      "name": "CVE-2019-3028",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3028"
    },
    {
      "name": "CVE-2019-3021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3021"
    },
    {
      "name": "CVE-2019-3026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3026"
    },
    {
      "name": "CVE-2019-2926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2926"
    },
    {
      "name": "CVE-2019-3005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3005"
    },
    {
      "name": "CVE-2019-3002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3002"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2019-2944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-2944"
    },
    {
      "name": "CVE-2019-3017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3017"
    },
    {
      "name": "CVE-2019-3031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3031"
    }
  ],
  "initial_release_date": "2019-10-16T00:00:00",
  "last_revision_date": "2019-10-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-511",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixOVIR"
    }
  ]
}

CERTFR-2020-AVI-038

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Oracle Virtualization. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	Virtualization	Oracle VM VirtualBox versions antérieures à 5.2.36, antérieures à 6.0.16 et antérieures à 6.1.2
	Oracle	Virtualization	Oracle Secure Global Desktop versions 5.4 et 5.5

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle cpujan2020 du 14 janvier 2020	None	vendor-advisory
Bulletin de sécurité Oracle cpujan2020verbose du 14 janvier 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 5.2.36, ant\u00e9rieures \u00e0 6.0.16 et ant\u00e9rieures \u00e0 6.1.2",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Secure Global Desktop versions 5.4 et 5.5",
      "product": {
        "name": "Virtualization",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-2726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2726"
    },
    {
      "name": "CVE-2020-2678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2678"
    },
    {
      "name": "CVE-2020-2704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2704"
    },
    {
      "name": "CVE-2020-2703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2703"
    },
    {
      "name": "CVE-2020-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2692"
    },
    {
      "name": "CVE-2020-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2691"
    },
    {
      "name": "CVE-2020-2674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2674"
    },
    {
      "name": "CVE-2020-2727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2727"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2020-2693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2693"
    },
    {
      "name": "CVE-2020-2702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2702"
    },
    {
      "name": "CVE-2020-2689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2689"
    },
    {
      "name": "CVE-2020-2681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2681"
    },
    {
      "name": "CVE-2020-2705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2705"
    },
    {
      "name": "CVE-2020-2690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2690"
    },
    {
      "name": "CVE-2019-10092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10092"
    },
    {
      "name": "CVE-2020-2701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2701"
    },
    {
      "name": "CVE-2020-2725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2725"
    },
    {
      "name": "CVE-2019-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
    },
    {
      "name": "CVE-2020-2682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2682"
    },
    {
      "name": "CVE-2020-2698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-2698"
    },
    {
      "name": "CVE-2019-17091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17091"
    }
  ],
  "initial_release_date": "2020-01-15T00:00:00",
  "last_revision_date": "2020-01-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-038",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-01-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle\nVirtualization. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Virtualization",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020verbose du 14 janvier 2020",
      "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html#OVIR"
    }
  ]
}

CERTFR-2024-AVI-0180

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics versions 11.2.x antérieures à 11.2.4 Fix Pack 3
IBM	Cognos Analytics	Cognos Analytics versions 11.1.x antérieures à 11.1.7 Fix Pack 8
IBM	AIX	AIX versions 7.2 et 7.3 sans le dernier correctif de sécurité OpenSSH
IBM	Cognos Analytics	Cognos Analytics versions 12.0.x antérieures à 12.0.2
IBM	WebSphere	Websphere Liberty versions antérieures à 23.0.0.12
IBM	VIOS	VIOS versions 3.1 et 4.1 sans le dernier correctif de sécurité OpenSSH
IBM	Cloud Pak	Cognos Dashboards on Cloud Pak for Data versions antérieures à 4.8.3
IBM	N/A	Cognos Command Center versions antérieures à 10.2.5 IF1
IBM	Cognos Transformer	Cognos Transformer versions antérieures à 11.1.7 Fix Pack 8

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7112541 du 23 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7125640 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7124466 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7112504 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7125461 du 28 février 2024	None	vendor-advisory
Bulletin de sécurité IBM 7123154 du 23 février 2024	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 Fix Pack 3",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 11.1.x ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AIX versions 7.2 et 7.3 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
      "product": {
        "name": "AIX",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.2",
      "product": {
        "name": "Cognos Analytics",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Websphere Liberty versions ant\u00e9rieures \u00e0 23.0.0.12",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "VIOS versions 3.1 et 4.1 sans le dernier correctif de s\u00e9curit\u00e9 OpenSSH",
      "product": {
        "name": "VIOS",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Dashboards on Cloud Pak for Data versions ant\u00e9rieures \u00e0 4.8.3",
      "product": {
        "name": "Cloud Pak",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Command Center versions ant\u00e9rieures \u00e0 10.2.5 IF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Cognos Transformer versions ant\u00e9rieures \u00e0 11.1.7 Fix Pack 8",
      "product": {
        "name": "Cognos Transformer",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2021-44906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906"
    },
    {
      "name": "CVE-2023-21938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-21843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
    },
    {
      "name": "CVE-2022-21426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
    },
    {
      "name": "CVE-2021-35586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
    },
    {
      "name": "CVE-2023-1370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
    },
    {
      "name": "CVE-2023-45857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45857"
    },
    {
      "name": "CVE-2021-35550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
    },
    {
      "name": "CVE-2023-51385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
    },
    {
      "name": "CVE-2023-46234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234"
    },
    {
      "name": "CVE-2023-38359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38359"
    },
    {
      "name": "CVE-2021-3572",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3572"
    },
    {
      "name": "CVE-2023-21954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-21939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
    },
    {
      "name": "CVE-2023-21830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2022-21299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
    },
    {
      "name": "CVE-2023-50324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-50324"
    },
    {
      "name": "CVE-2023-44487",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
    },
    {
      "name": "CVE-2023-45133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45133"
    },
    {
      "name": "CVE-2020-28458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28458"
    },
    {
      "name": "CVE-2023-26115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26115"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2023-22081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22081"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2020-1971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
    },
    {
      "name": "CVE-2021-4160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4160"
    },
    {
      "name": "CVE-2021-35559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2021-43138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43138"
    },
    {
      "name": "CVE-2023-48795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
    },
    {
      "name": "CVE-2021-35565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
    },
    {
      "name": "CVE-2023-30589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30589"
    },
    {
      "name": "CVE-2021-23445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23445"
    },
    {
      "name": "CVE-2021-35603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
    },
    {
      "name": "CVE-2022-46364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46364"
    },
    {
      "name": "CVE-2021-3711",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2021-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3449"
    },
    {
      "name": "CVE-2022-40609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40609"
    },
    {
      "name": "CVE-2023-32344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32344"
    },
    {
      "name": "CVE-2023-43051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-43051"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2023-39410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410"
    },
    {
      "name": "CVE-2021-35588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
    },
    {
      "name": "CVE-2021-23839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
    },
    {
      "name": "CVE-2023-30588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30588"
    },
    {
      "name": "CVE-2012-5784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5784"
    },
    {
      "name": "CVE-2023-21937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2021-41035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41035"
    },
    {
      "name": "CVE-2023-2650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2650"
    },
    {
      "name": "CVE-2018-8032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8032"
    },
    {
      "name": "CVE-2022-21434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
    },
    {
      "name": "CVE-2023-2597",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2597"
    },
    {
      "name": "CVE-2022-34169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
    },
    {
      "name": "CVE-2023-22049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22049"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-41854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854"
    },
    {
      "name": "CVE-2021-35578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
    },
    {
      "name": "CVE-2021-28167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-28167"
    },
    {
      "name": "CVE-2023-5676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5676"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2021-31684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
    },
    {
      "name": "CVE-2023-46604",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46604"
    },
    {
      "name": "CVE-2010-2084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2084"
    },
    {
      "name": "CVE-2019-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0227"
    },
    {
      "name": "CVE-2021-3712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
    },
    {
      "name": "CVE-2023-21968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
    },
    {
      "name": "CVE-2023-21930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
    },
    {
      "name": "CVE-2023-24998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
    },
    {
      "name": "CVE-2022-34357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34357"
    },
    {
      "name": "CVE-2021-35564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
    },
    {
      "name": "CVE-2021-23840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
    },
    {
      "name": "CVE-2023-46158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46158"
    },
    {
      "name": "CVE-2014-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3596"
    },
    {
      "name": "CVE-2022-21496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
    },
    {
      "name": "CVE-2021-35556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
    },
    {
      "name": "CVE-2022-1471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
    },
    {
      "name": "CVE-2023-26136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
    },
    {
      "name": "CVE-2022-21443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-35560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-35560"
    },
    {
      "name": "CVE-2023-51384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-51384"
    },
    {
      "name": "CVE-2022-34165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34165"
    },
    {
      "name": "CVE-2023-30996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-30996"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2023-21967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
    }
  ],
  "initial_release_date": "2024-03-01T00:00:00",
  "last_revision_date": "2024-03-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0180",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-03-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits IBM\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7112541 du 23 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7112541"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7125640 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7125640"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7124466 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7124466"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7112504 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7112504"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7125461 du 28 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7125461"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7123154 du 23 f\u00e9vrier 2024",
      "url": "https://www.ibm.com/support/pages/node/7123154"
    }
  ]
}

CERTFR-2019-AVI-649

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor (NNM), composant des produits Tenable.io, Industrial Security et Tenable.sc. Certaines d'entre elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Tenable	Nessus Network Monitor	Nessus Network Monitor versions antérieures à 5.11.0

References

Title

Publication Time

Tags

Bulletin de sécurité Tenable tns-2019-08 du 19 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 5.11.0",
      "product": {
        "name": "Nessus Network Monitor",
        "vendor": {
          "name": "Tenable",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2542",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2542"
    },
    {
      "name": "CVE-2019-11358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2015-9251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-9251"
    }
  ],
  "initial_release_date": "2019-12-20T00:00:00",
  "last_revision_date": "2019-12-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-649",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus\nNetwork Monitor (NNM), composant des produits Tenable.io, Industrial\nSecurity et Tenable.sc. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2019-08 du 19 d\u00e9cembre 2019",
      "url": "https://fr.tenable.com/security/tns-2019-08"
    }
  ]
}

CERTFR-2019-AVI-444

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans OpenSSL. Elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
OpenSSL	OpenSSL	OpenSSL versions 1.0.2x antérieures à 1.0.2t
OpenSSL	OpenSSL	OpenSSL versions 1.1.1x antérieures à 1.1.1d
OpenSSL	OpenSSL	OpenSSL versions 1.1.0x antérieures à 1.1.0l

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL du 10 septembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL versions 1.0.2x ant\u00e9rieures \u00e0 1.0.2t",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.1.1x ant\u00e9rieures \u00e0 1.1.1d",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL versions 1.1.0x ant\u00e9rieures \u00e0 1.1.0l",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-1549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1549"
    },
    {
      "name": "CVE-2019-1547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1547"
    },
    {
      "name": "CVE-2019-1563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1563"
    }
  ],
  "initial_release_date": "2019-09-12T00:00:00",
  "last_revision_date": "2019-09-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-444",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-09-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSL. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des\ndonn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 10 septembre 2019",
      "url": "https://www.openssl.org/news/secadv/20190910.txt"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-1547 (GCVE-0-2019-1547)

Vulnerability from cvelistv5

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature