Search criteria
11 vulnerabilities found for N/A by Centreon
CERTFR-2015-AVI-230
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Schneider SCADA systems. They allow an attacker to cause remote arbitrary code execution, a security policy bypass, and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider VAMPSET versions 2.2.145 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Schneider InduSoft Web Studio versions 7.1.3.4 et ant\u00e9rieures",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTFR-2015-AVI-230",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-05-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les syst\u00e8mes SCADA\n\u003cspan class=\"textit\"\u003eSchneider\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les syst\u00e8mes SCADA Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 25 mars 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-084-01\u0026p_EnDocType=Brochure\u0026p_File_Id=768378039\u0026p_File_Name=SEVD-2015-084-01+VAMPSET+Software.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 10 avril 2015",
"url": "http://download.schneider-electric.com/files?p_Reference=SEVD-2015-100-01\u0026p_EnDocType=Brochure\u0026p_File_Id=782213040\u0026p_File_Name=SEVD-2015-100-01+InduSoft+Web+Studio_signed.pdf"
}
]
}
CERTFR-2014-AVI-362
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in EMC Documentum. Some of them allow an attacker to cause arbitrary code execution, a security policy bypass, and a breach of data confidentiality.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Centreon | N/A | EMC Documentum Capital Projects |
| Centreon | N/A | EMC Documentum Administrator |
| N/A | N/A | EMC Documentum Digital Asset Manager |
| Centreon | N/A | EMC Documentum Content Server |
| Centreon | Web | EMC Documentum Web Publisher |
| Centreon | N/A | EMC Documentum Engineering Plant Facilities Management Solution |
| N/A | N/A | EMC Documentum D2 |
| N/A | N/A | EMC Documentum Webtop |
| N/A | N/A | EMC Documentum Taskspace |
| Centreon | N/A | EMC Documentum WDK |
| N/A | N/A | EMC Documentum Records Manager |
| Centreon | N/A | EMC Documentum Records Client |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC Documentum Capital Projects",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Administrator",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Digital Asset Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Content Server",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Web Publisher",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Engineering Plant Facilities Management Solution",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum D2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Webtop",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Taskspace",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum WDK",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Manager",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EMC Documentum Records Client",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-2521",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2521"
},
{
"name": "CVE-2014-4618",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4618"
},
{
"name": "CVE-2014-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2511"
},
{
"name": "CVE-2014-2515",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2515"
},
{
"name": "CVE-2014-0221",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0221"
},
{
"name": "CVE-2014-0195",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0195"
},
{
"name": "CVE-2014-2518",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2518"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-3470",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3470"
},
{
"name": "CVE-2014-0076",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0076"
},
{
"name": "CVE-2010-5298",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-5298"
},
{
"name": "CVE-2014-2520",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-2520"
},
{
"name": "CVE-2014-0198",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0198"
}
],
"links": [],
"reference": "CERTFR-2014-AVI-362",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2014-08-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eEMC Documentum\u003c/span\u003e. Certaines d\u0027entre elles permettent\n\u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, un\ncontournement de la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans EMC Documentum",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-067 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-92/ESA-2014-067.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-079 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-93/ESA-2014-079.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-073 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-90/ESA-2014-073.txt"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2014-059 du 20 ao\u00fbt 2014",
"url": "http://seclists.org/bugtraq/2014/Aug/att-91/ESA-2014-059.txt"
}
]
}
CERTA-2013-AVI-064
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Barracuda Networks products. They allow an attacker to cause a security policy bypass.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Centreon | Web | Barracuda Web Filter versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda Message Archiver versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda Virus Firewall versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda Link Balancer versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda Load Balancer versions earlier than 2.0.5 |
| Centreon | Web | Barracuda Web Application Firewall versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda Spam versions earlier than 2.0.5 |
| Centreon | N/A | Barracuda SSL VPN versions earlier than 2.0.5 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Barracuda Web Filter versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Message Archiver versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Virus Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Link Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Load Balancer versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Web Application Firewall versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda Spam versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Barracuda SSL VPN versions ant\u00e9rieures \u00e0 2.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2013-AVI-064",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-01-25T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eBarracuda Networks\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Barracuda Networks",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Barracuda Networks du 23 janvier 2013",
"url": "https://www.barracudanetworks.com/support/techalerts"
}
]
}
CERTA-2012-AVI-696
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in Hitachi products. They allow an attacker to cause indirect remote code injection (XSS).
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| N/A | N/A | Cosminexus version 5 |
| Centreon | Web | Hitachi Web Server version 04-00 through version 04-20 |
| Centreon | N/A | Cosminexus version 7 |
| N/A | N/A | Cosminexus version 9 |
| Centreon | Web | Hitachi Web Server version 02-00 through version 02-04 |
| Centreon | N/A | Cosminexus version 8 |
| Centreon | Web | Hitachi Web Server version 03-00 through version 03-10 |
| N/A | N/A | Cosminexus version 6 |
| N/A | N/A | Cosminexus version 6.7 |
| Apache | HTTP Server | Cosminexus HTTP Server version 09-00 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cosminexus version 5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 04-00 \u00e0 la version 04-20",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 7",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 02-00 \u00e0 la version 02-04",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 8",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Web Server de la version 03-00 \u00e0 la version 03-10",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus version 6",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus version 6.7",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus HTTP Server version 09-00",
"product": {
"name": "HTTP Server",
"vendor": {
"name": "Apache",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2687",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2687"
}
],
"links": [],
"reference": "CERTA-2012-AVI-696",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-12-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eHitachi\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS12-028 du 28 novembre 2012",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-028/index.html"
}
]
}
CERTA-2012-AVI-466
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in EMC ApplicationXtender products has been fixed. It allows an attacker to upload arbitrary files to the system. These can then be used to execute arbitrary code remotely on that system.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EMC ApplicationXtender Web Access .NET versions 6.5 P1 et pr\u00e9c\u00e9dentes.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "EMC ApplicationXtender Desktop versions 6.5 P1 et pr\u00e9c\u00e9dentes ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-2289",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2289"
}
],
"links": [],
"reference": "CERTA-2012-AVI-466",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-08-28T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender a \u00e9t\u00e9\ncorrig\u00e9e. Elle permet \u00e0 un attaquant de t\u00e9l\u00e9verser des fichiers\narbitraires sur le syst\u00e8me. Ceux-ci peuvent ensuite \u00eatre utilis\u00e9s pour\nex\u00e9cuter du code arbitraire \u00e0 distance sur ce syst\u00e8me.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits EMC ApplicationXtender",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 EMC ESA-2012-039 du 23 ao\u00fbt 2012",
"url": "http://seclists.org/bugtraq/2012/Aug/att-167/ESA-2012-039.txt"
}
]
}
CERTA-2012-AVI-219
Vulnerability from certfr_avis - Published: - Updated:
Multiple vulnerabilities have been fixed in HP OpenVMS. These vulnerabilities affect several components of the product. They make it possible to bypass security policies, escalate privileges, make unauthorized modifications, cause denials of service, and access information without authorization.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Centreon | Web | HP Secure Web Server (SWS) for OpenVMS using CSWS_JAVA V3.1 and earlier |
| Centreon | N/A | HP OpenVMS using V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 and V8.4 Alpha/IA64 |
| Centreon | N/A | HP Secure Web Server (SWS) for OpenVMS using PHP V2.2 and earlier |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant CSWS_JAVA V3.1 et ant\u00e9rieures ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP OpenVMS utilisant V7.3-2 Alpha, V8.3 Alpha/IA64, V8.3-1h1 IA64 et V8.4 Alpha/IA64.",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "HP Secure Web Server (SWS) pour OpenVMS utilisant PHP V2.2 et ant\u00e9rieures ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2202"
},
{
"name": "CVE-2010-3870",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
},
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2010-4697",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4697"
},
{
"name": "CVE-2010-3709",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
},
{
"name": "CVE-2011-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2729"
},
{
"name": "CVE-2011-0421",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0421"
},
{
"name": "CVE-2011-3190",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
},
{
"name": "CVE-2010-3710",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
},
{
"name": "CVE-2010-2100",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2100"
},
{
"name": "CVE-2010-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2484"
},
{
"name": "CVE-2009-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2901"
},
{
"name": "CVE-2010-2531",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2531"
},
{
"name": "CVE-2009-2693",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2693"
},
{
"name": "CVE-2009-2902",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-2902"
},
{
"name": "CVE-2010-4645",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4645"
},
{
"name": "CVE-2012-0134",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0134"
},
{
"name": "CVE-2009-0580",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0580"
},
{
"name": "CVE-2011-0752",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0752"
},
{
"name": "CVE-2009-3555",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
},
{
"name": "CVE-2011-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1092"
},
{
"name": "CVE-2010-1864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1864"
},
{
"name": "CVE-2011-0708",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0708"
},
{
"name": "CVE-2011-1184",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1184"
},
{
"name": "CVE-2011-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2526"
},
{
"name": "CVE-2011-1148",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1148"
},
{
"name": "CVE-2009-3548",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3548"
},
{
"name": "CVE-2010-2191",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2191"
},
{
"name": "CVE-2010-2101",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2101"
},
{
"name": "CVE-2009-0033",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0033"
},
{
"name": "CVE-2006-7243",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
},
{
"name": "CVE-2009-0781",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-0781"
},
{
"name": "CVE-2010-4698",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4698"
},
{
"name": "CVE-2010-2225",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2225"
},
{
"name": "CVE-2010-2097",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2097"
},
{
"name": "CVE-2011-1464",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1464"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2010-1860",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1860"
},
{
"name": "CVE-2010-2190",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2190"
},
{
"name": "CVE-2011-2204",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2204"
},
{
"name": "CVE-2010-1157",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1157"
},
{
"name": "CVE-2010-4150",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
},
{
"name": "CVE-2011-1938",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1938"
},
{
"name": "CVE-2010-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1862"
}
],
"links": [],
"reference": "CERTA-2012-AVI-219",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9s corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP OpenVMS\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s affectent plusieurs\n\u00e9l\u00e9ments du produit. Elles permettent de contourner des politiques de\ns\u00e9curit\u00e9, de s\u0027\u00e9lever des privil\u00e8ges, d\u0027effectuer des modifications non\nautoris\u00e9es, de causer des d\u00e9nis de service et d\u0027acc\u00e9der \u00e0 des\ninformations non permises.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenVMS",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281867 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281867"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281831 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281831"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03281869 du 16 avril 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03281869"
}
]
}
CERTA-2010-AVI-037
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in Hitachi products allows a remote user to cause a denial of service or execute arbitrary code.
Description
A vulnerability whose nature the vendor has not specified, but which relates to image processing, is present in certain Hitachi-branded products. This flaw allows a remote user to cause a denial of service or execute arbitrary code.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| Centreon | N/A | Cosminexus 7.x |
| Centreon | N/A | Hitachi Electronic Form Workflow 6.x |
| Centreon | N/A | Hitachi Processing Kit for XML |
| N/A | N/A | Cosminexus 8.x |
| Centreon | N/A | uCosminexus Application Server |
| Centreon | N/A | Cosminexus 5.x |
| N/A | N/A | uCosminexus Operator |
| SolarWinds | Platform | uCosminexus Service Platform |
| Centreon | N/A | uCosminexus Service Architect |
| N/A | N/A | Cosminexus 6.x |
| Centreon | N/A | Hitachi Developer's Kit for Java |
| Centreon | N/A | Electronic Form Workflow 7.x |
| Centreon | N/A | Groupmax Collaboration - Server |
| N/A | N/A | uCosminexus Collaboration - Server |
| Centreon | N/A | uCosminexus Developer |
| SolarWinds | Platform | uCosminexus Navigation Platform |
| Centreon | Web | Cosminexus/OpenTP1 Web Front-end Set |
| Centreon | Web | uCosminexus/OpenTP1 Web Front-end Set |
| N/A | N/A | Cosminexus Server 4.x |
| N/A | N/A | Cosminexus Studio 4.x |
| N/A | N/A | uCosminexus Client |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cosminexus 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Electronic Form Workflow 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Hitachi Processing Kit for XML ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Application Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Operator ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Service Platform ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "uCosminexus Service Architect ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Hitachi Developer\u0027s Kit for Java ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Electronic Form Workflow 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Groupmax Collaboration - Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Collaboration - Server ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Developer ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus Navigation Platform ;",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
},
{
"description": "Cosminexus/OpenTP1 Web Front-end Set ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "uCosminexus/OpenTP1 Web Front-end Set.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Cosminexus Server 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cosminexus Studio 4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "uCosminexus Client ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de nature non-pr\u00e9cis\u00e9e par l\u0027\u00e9diteur mais relative au\ntraitement d\u0027images est pr\u00e9sente dans certains produits de la marque\nHitachi. Cette faille permet \u00e0 un utilisateur distant de provoquer un\nd\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS09-019 du 29 janvier 2010 :",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-019/index.html"
}
],
"reference": "CERTA-2010-AVI-037",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2010-01-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans des produits Hitachi permet \u00e0 un utilisateur\ndistant de provoquer un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code\narbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 des produits Hitachi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Hitachi HS09-019 du 29 janvier 2010",
"url": null
}
]
}
CERTA-2008-AVI-366
Vulnerability from certfr_avis - Published: - Updated:None
Description
Several vulnerabilities discovered in Sun's Java virtual machine allow a malicious remote user to bypass the security policy, compromise the confidentiality and/or integrity of data, cause a denial of service, escalate privileges, or execute code.
Solution
Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| N/A | N/A | Sun Java JRE 1.4.x ; |
| N/A | N/A | Sun Java JRE 1.5.x ; |
| Centreon | Web | Java Web Start 1.x ; |
| N/A | N/A | Sun Java SDK 1.3.x ; |
| N/A | N/A | Sun Java JRE 6.x ; |
| N/A | N/A | Sun Java SDK 1.4.x. |
| Centreon | Web | Java Web Start 3.x ; |
| Centreon | N/A | Sun Java JDK 1.6.x ; |
| Centreon | N/A | Sun Java JRE 5.x ; |
| Centreon | Web | Java Web Start 2.x ; |
| Centreon | N/A | Sun Java JRE 1.6.x ; |
| Centreon | N/A | Sun Java JRE 1.3.x ; |
| Centreon | N/A | Sun Java JDK 1.5.x ; |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java JRE 1.4.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java JRE 1.5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Java Web Start 1.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java SDK 1.3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java JRE 6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java SDK 1.4.x.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Java Web Start 3.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JDK 1.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JRE 5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Java Web Start 2.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JRE 1.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JRE 1.3.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JDK 1.5.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans la machine virtuelle Java de\nSun permettent \u00e0 un utilisateur distant malintentionn\u00e9 de contourner la\npolitique de s\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 et/ou \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es, de provoquer un d\u00e9ni de service, d\u0027\u00e9l\u00e9ver ses\nprivil\u00e8ges ou d\u0027ex\u00e9cuter du code.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-3114",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3114"
},
{
"name": "CVE-2008-3115",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3115"
},
{
"name": "CVE-2008-3106",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3106"
},
{
"name": "CVE-2008-3108",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3108"
},
{
"name": "CVE-2008-3111",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3111"
},
{
"name": "CVE-2008-3113",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3113"
},
{
"name": "CVE-2008-3104",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3104"
},
{
"name": "CVE-2008-3110",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3110"
},
{
"name": "CVE-2008-3109",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3109"
},
{
"name": "CVE-2008-3103",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3103"
},
{
"name": "CVE-2008-3112",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3112"
},
{
"name": "CVE-2008-3107",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3107"
},
{
"name": "CVE-2008-3105",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-3105"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE-SA:2008:043 du 04 septembre 2008 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238905 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238905-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:1043 du 18 d\u00e9cembre 2008\u00a0:",
"url": "https://rhn.redhat.com/errata/RHSA-2008-1043.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238967 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238967-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 SUSE-SA:2008:042 du 25 ao\u00fbt 2008 :",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238628 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238628-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238687 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238687-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238968 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238966 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238966-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0906 du 24 octobre 2008\u00a0:",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0906.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0955 du 25 novembre 2008\u00a0:",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0955.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:1044 du 18 d\u00e9cembre 2008\u00a0:",
"url": "https://rhn.redhat.com/errata/RHSA-2008-1044.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0790 du 31 juillet 2008 :",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0790.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:0595 du 14 juillet 2008 :",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0595.html"
},
{
"title": "Bulletin de r\u00e9sum\u00e9 de s\u00e9curit\u00e9 SUSE-SR:2008:028 du 16 d\u00e9cembre 2008\u00a0:",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238666 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238666-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Red Hat RHSA-2008:1045 du 18 d\u00e9cembre 2008\u00a0:",
"url": "https://rhn.redhat.com/errata/RHSA-2008-1045.html"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Sun #238965 du 08 juillet 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238965-1"
}
],
"reference": "CERTA-2008-AVI-366",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-07-11T00:00:00.000000"
},
{
"description": "ajout des r\u00e9f\u00e9rences aux bulletins SuSE et Red Hat.",
"revision_date": "2008-09-18T00:00:00.000000"
},
{
"description": "ajout de nouvelles r\u00e9f\u00e9rences Red Hat.",
"revision_date": "2008-12-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": null,
"title": "Multiples vuln\u00e9rabilit\u00e9s dans la machine virtuelle Java de Sun",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 08 juillet 2008",
"url": null
}
]
}
CERTA-2008-AVI-118
Vulnerability from certfr_avis - Published: - Updated:
Several vulnerabilities in the Java products listed above allow a malicious user to bypass the security policy in various ways.
Description
Twelve vulnerabilities have been identified in the Java products listed above. These vulnerabilities allow a malicious user to:
- execute arbitrary code, locally or remotely;
- cause a remote denial of service;
- bypass the security policy;
- compromise the integrity or confidentiality of data.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java JDK 1.5.x et 1.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Java Web Start 1.x et 6.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java SDK 1.3.1_21 et pr\u00e9c\u00e9dents, 1.4.2_16 et pr\u00e9c\u00e9dents.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java JRE 1.4.x, 1.5.x et 1.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDouze vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits Java list\u00e9s\nci-dessus. Ces vuln\u00e9rabilit\u00e9s permettent \u00e0 un utilisateur malveillant :\n\n- d\u0027ex\u00e9cuter du code arbitraire, localement ou \u00e0 distance ;\n- de provoquer un d\u00e9ni de service \u00e0 distance ;\n- de contourner la politique de s\u00e9curit\u00e9 ;\n- de porter atteinte \u00e0 l\u0027int\u00e9grit\u00e9 ou \u00e0 la confidentialit\u00e9 des\n donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2008-1190",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1190"
},
{
"name": "CVE-2008-1188",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1188"
},
{
"name": "CVE-2008-1193",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1193"
},
{
"name": "CVE-2008-1189",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1189"
},
{
"name": "CVE-2008-1191",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1191"
},
{
"name": "CVE-2008-1195",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1195"
},
{
"name": "CVE-2008-1187",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1187"
},
{
"name": "CVE-2008-1192",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1192"
},
{
"name": "CVE-2008-1185",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1185"
},
{
"name": "CVE-2008-1196",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1196"
},
{
"name": "CVE-2008-1186",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1186"
},
{
"name": "CVE-2008-1194",
"url": "https://www.cve.org/CVERecord?id=CVE-2008-1194"
}
],
"links": [
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233321-1"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233327-1"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233325-1"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233324-1"
},
{
"title": "Alerte de s\u00e9curit\u00e9 de l\u0027US-CERT TA08-066A du 06 mars 2008 :",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233322-1"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233326-1"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Sun du 04 mars 2008 :",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-233323-1"
}
],
"reference": "CERTA-2008-AVI-118",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2008-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans les produits Java pr\u00e9c\u00e9demment cit\u00e9s\npermettent \u00e0 un utilisateur malveillant de contourner, sous diverses\nformes, la politique de s\u00e9curit\u00e9.\n",
"title": "Vuln\u00e9rabilit\u00e9s de Java",
"vendor_advisories": [
{
"published_at": null,
"title": "Alerte TA08-066A de l\u0027US-CERT",
"url": null
}
]
}
CERTA-2007-AVI-301
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in Sun's Java virtual machine and in an associated product, Java System Web Application Server, allows a remote user to execute arbitrary code.
Description
Sun's Java virtual machine contains a vulnerability in its implementation of the processing of XSLT (eXtended Stylesheet Language Transformations) files, which is used to handle signatures in XML (eXtensible Markup Language) format. A malicious remote user can therefore execute arbitrary code by means of a specially crafted XML signature.
Solution
Refer to the vendor's security bulletins to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java System Web Application Server 8.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Application Server 9.x.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JDK 1.6.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Server 7.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java JRE 1.6.x (6.x) ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Description\n\nLa machine virtuelle Java de Sun comporte une vuln\u00e9rabilit\u00e9 dans la mise\nen \u0153uvre du traitement des fichiers au format XSLT (eXtended Stylesheet\nLanguage Transformations) permettant la manipulation de signatures au\nformat XML (eXtensible Markup Language) . Il est donc possible \u00e0 un\nutilisateur distant malintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire par le\nbiais d\u0027une signature XML construite de fa\u00e7on particuli\u00e8re.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2007-AVI-301",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-07-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans la machine virtuelle Java de Sun ainsi que dans\nun produit associ\u00e9 : Java System Web Application Server permet \u00e0 un\nutilisateur distant d\u0027ex\u00e9cuter du code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans la machine virtuelle Java de Sun",
"vendor_advisories": [
{
"published_at": "2007-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Sun #102993 relatif \u00e0 JRE et JDK",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102993-1"
},
{
"published_at": "2007-07-10",
"title": "Bulletin de s\u00e9curit\u00e9 Sun relatif \u00e0 Java System Web Application Server",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102992-1"
}
]
}
CERTA-2006-AVI-528
Vulnerability from certfr_avis - Published: - Updated:
A vulnerability in Sun Java System products allows a malicious remote user to bypass the security policy, carry out Cross Site Scripting attacks, or poison the server cache.
Description
A vulnerability in certain Sun Java System applications is caused by an error in the handling of HTTP requests by Sun Java System Proxy Server, when Sun Java System Web Server or Sun Java System Application Server is installed on the system. A malicious remote user can exploit this vulnerability to carry out a Cross Site Scripting attack, bypass the security policy, or compromise the cache of the web proxy server.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
| Vendor | Product | Description |
|---|---|---|
| N/A | N/A | Sun Java System Application Server 8.x ; |
| Centreon | N/A | Sun Java System Application Server (Sun ONE) 7.x ; |
| Centreon | Web | Sun Java System Web Proxy Server 3.x ; |
| Centreon | Web | Sun Java System Web Proxy Server 4.x ; |
| Centreon | Web | Sun Java System Web Server (Sun ONE/iPlanet) 6.x. |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun Java System Application Server 8.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Sun Java System Application Server (Sun ONE) 7.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Proxy Server 3.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Proxy Server 4.x ;",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
},
{
"description": "Sun Java System Web Server (Sun ONE/iPlanet) 6.x.",
"product": {
"name": "Web",
"vendor": {
"name": "Centreon",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans certaines applications Sun Java System est caus\u00e9e\npar une erreur dans la gestion des requ\u00eates HTTP par Sun Java System\nProxy Server, dans la mesure o\u00f9 Sun Java System Web Server ou Sun Java\nSystem Application Server est install\u00e9 sur le syst\u00e8me. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un utilisateur distant\nmalintentionn\u00e9 afin de r\u00e9aliser une attaque de type Cross Site Scripting\nou de contourner la politique de s\u00e9curit\u00e9 ou de compromettre le cache du\nserveur web mandataire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2006-AVI-528",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-12-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Pollution du cache du serveur mandataire ( proxy )"
},
{
"description": "Attaques de type cross site scripting"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans les produits Sun Java System permet \u00e0 un\nutilisateur distant malintentionn\u00e9 de contourner la politique de\ns\u00e9curit\u00e9, de r\u00e9aliser des attaques de type Cross Site Scripting ou de\npolluer le cache du serveur.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Sun Java System",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Sun #102733 du 30 novembre 2006",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102733-1"
}
]
}