Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    178 vulnerabilities found for N/A by Oracle

    CERTFR-2024-AVI-0320

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle VirtualBox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle VM Virtualbox versions antérieures à 7.0.16
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle VM Virtualbox versions ant\u00e9rieures \u00e0 7.0.16",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2024-21103",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21103"
        },
        {
          "name": "CVE-2024-21121",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21121"
        },
        {
          "name": "CVE-2024-21113",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21113"
        },
        {
          "name": "CVE-2024-21111",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21111"
        },
        {
          "name": "CVE-2024-21107",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21107"
        },
        {
          "name": "CVE-2024-21108",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21108"
        },
        {
          "name": "CVE-2024-21114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21114"
        },
        {
          "name": "CVE-2024-21106",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21106"
        },
        {
          "name": "CVE-2024-21112",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21112"
        },
        {
          "name": "CVE-2024-21115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21115"
        },
        {
          "name": "CVE-2024-21109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21109"
        },
        {
          "name": "CVE-2024-21116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21116"
        },
        {
          "name": "CVE-2024-21110",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21110"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0320",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-04-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle VirtualBox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VirtualBox",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
          "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
          "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
        }
      ]
    }

    CERTFR-2024-AVI-0324

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité
    Oracle N/A Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité
    Oracle N/A Oracle Solaris version 11 sans les derniers correctifs de sécurité
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-1370",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
        },
        {
          "name": "CVE-2022-45688",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
        },
        {
          "name": "CVE-2021-36373",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
        },
        {
          "name": "CVE-2022-34381",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
        },
        {
          "name": "CVE-2024-21105",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
        },
        {
          "name": "CVE-2023-1436",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
        },
        {
          "name": "CVE-2020-29508",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
        },
        {
          "name": "CVE-2021-36374",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
        },
        {
          "name": "CVE-2021-37533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
        },
        {
          "name": "CVE-2024-21059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
        },
        {
          "name": "CVE-2020-35164",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
        },
        {
          "name": "CVE-2022-42004",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
        },
        {
          "name": "CVE-2023-20863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
        },
        {
          "name": "CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "name": "CVE-2022-42890",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
        },
        {
          "name": "CVE-2024-21104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
        },
        {
          "name": "CVE-2020-35166",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
        },
        {
          "name": "CVE-2020-35163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
        },
        {
          "name": "CVE-2020-35168",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
        },
        {
          "name": "CVE-2023-24998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
        },
        {
          "name": "CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "name": "CVE-2022-36033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
        },
        {
          "name": "CVE-2024-20999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
        },
        {
          "name": "CVE-2022-24839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
        },
        {
          "name": "CVE-2022-41704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
        },
        {
          "name": "CVE-2020-35167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0324",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-04-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
          "url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
          "url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
        }
      ]
    }

    CERTFR-2024-AVI-0048

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Solaris version 11 sans les derniers correctifs de sécurité
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2024-20959",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20959"
        },
        {
          "name": "CVE-2023-21833",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21833"
        },
        {
          "name": "CVE-2024-20946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20946"
        },
        {
          "name": "CVE-2024-20920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20920"
        },
        {
          "name": "CVE-2024-20914",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-20914"
        }
      ],
      "links": [],
      "reference": "CERTFR-2024-AVI-0048",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2024-01-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
          "url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
          "url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixSUNS"
        }
      ]
    }

    CERTFR-2023-AVI-0865

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Sun ZFS Storage Appliance version 8.8.60 sans les derniers correctifs de sécurité
    Oracle N/A Oracle Solaris versions 10 et 11 sans les derniers correctifs de sécurité
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sun ZFS Storage Appliance version 8.8.60 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-22128",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22128"
        },
        {
          "name": "CVE-2023-22129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22129"
        },
        {
          "name": "CVE-2023-22130",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22130"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0865",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-10-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023verbose du 17 octobre 2023",
          "url": "https://www.oracle.com/security-alerts/cpuoct2023verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 du 17 octobre 2023",
          "url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
        }
      ]
    }

    CERTFR-2023-AVI-0565

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Oracle Systems. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Solaris version 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Solaris version 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-22023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22023"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0565",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-07-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Systems. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
          "url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
          "url": "https://www.oracle.com/security-alerts/cpujul2023.html"
        }
      ]
    }

    CERTFR-2023-AVI-0325

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle Java SE Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20
    Oracle Database Server Oracle Database Server 19c, 21c
    Oracle N/A Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1
    Oracle PeopleSoft Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2
    Oracle Virtualization Oracle Virtualization versions 6.1.x antérieures à 6.1.44
    Oracle MySQL Oracle MySQL versions 8.0.33 et antérieures
    Oracle Systems Oracle Systems versions 10, 11
    Oracle Virtualization Oracle Virtualization versions 7.0.x antérieures à 7.0.8
    Oracle MySQL Oracle MySQL versions 5.7.41 et antérieures
    Oracle Weblogic Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
          "product": {
            "name": "Java SE",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database Server 19c, 21c",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
          "product": {
            "name": "PeopleSoft",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
          "product": {
            "name": "Virtualization",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Systems versions 10, 11",
          "product": {
            "name": "Systems",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
          "product": {
            "name": "Virtualization",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
          "product": {
            "name": "Weblogic",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-21938",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
        },
        {
          "name": "CVE-2023-21916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
        },
        {
          "name": "CVE-2023-21985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
        },
        {
          "name": "CVE-2023-21979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
        },
        {
          "name": "CVE-2023-21986",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
        },
        {
          "name": "CVE-2020-14343",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
        },
        {
          "name": "CVE-2023-21954",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
        },
        {
          "name": "CVE-2023-21940",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
        },
        {
          "name": "CVE-2023-21939",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
        },
        {
          "name": "CVE-2023-21962",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
        },
        {
          "name": "CVE-2022-31160",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
        },
        {
          "name": "CVE-2022-45061",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
        },
        {
          "name": "CVE-2023-21917",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
        },
        {
          "name": "CVE-2023-21984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
        },
        {
          "name": "CVE-2023-21956",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
        },
        {
          "name": "CVE-2023-0215",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
        },
        {
          "name": "CVE-2023-21945",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
        },
        {
          "name": "CVE-2022-42916",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
        },
        {
          "name": "CVE-2023-21966",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
        },
        {
          "name": "CVE-2023-21947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
        },
        {
          "name": "CVE-2023-22002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
        },
        {
          "name": "CVE-2023-21981",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
        },
        {
          "name": "CVE-2023-21987",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
        },
        {
          "name": "CVE-2023-21977",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
        },
        {
          "name": "CVE-2023-21971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
        },
        {
          "name": "CVE-2023-21999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
        },
        {
          "name": "CVE-2023-21928",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
        },
        {
          "name": "CVE-2023-21972",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
        },
        {
          "name": "CVE-2023-21960",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
        },
        {
          "name": "CVE-2021-37533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
        },
        {
          "name": "CVE-2023-21990",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
        },
        {
          "name": "CVE-2023-22000",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
        },
        {
          "name": "CVE-2023-21913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
        },
        {
          "name": "CVE-2023-23918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
        },
        {
          "name": "CVE-2021-36090",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
        },
        {
          "name": "CVE-2023-21963",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
        },
        {
          "name": "CVE-2023-21980",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
        },
        {
          "name": "CVE-2020-6950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
        },
        {
          "name": "CVE-2023-21996",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
        },
        {
          "name": "CVE-2022-40152",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
        },
        {
          "name": "CVE-2023-21953",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
        },
        {
          "name": "CVE-2023-21934",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
        },
        {
          "name": "CVE-2023-22003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
        },
        {
          "name": "CVE-2023-21998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
        },
        {
          "name": "CVE-2022-37434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
        },
        {
          "name": "CVE-2023-21946",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
        },
        {
          "name": "CVE-2023-21933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
        },
        {
          "name": "CVE-2023-21931",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
        },
        {
          "name": "CVE-2023-21937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
        },
        {
          "name": "CVE-2022-45143",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
        },
        {
          "name": "CVE-2023-21896",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
        },
        {
          "name": "CVE-2022-43551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
        },
        {
          "name": "CVE-2023-21964",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
        },
        {
          "name": "CVE-2021-22569",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
        },
        {
          "name": "CVE-2022-34169",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
        },
        {
          "name": "CVE-2022-43548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
        },
        {
          "name": "CVE-2023-21920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
        },
        {
          "name": "CVE-2022-45685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
        },
        {
          "name": "CVE-2023-21918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
        },
        {
          "name": "CVE-2023-21992",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
        },
        {
          "name": "CVE-2023-21911",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
        },
        {
          "name": "CVE-2023-21976",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
        },
        {
          "name": "CVE-2021-31684",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
        },
        {
          "name": "CVE-2023-21968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
        },
        {
          "name": "CVE-2023-21991",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
        },
        {
          "name": "CVE-2023-21989",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
        },
        {
          "name": "CVE-2023-21982",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
        },
        {
          "name": "CVE-2023-21930",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
        },
        {
          "name": "CVE-2023-24998",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
        },
        {
          "name": "CVE-2023-21935",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
        },
        {
          "name": "CVE-2020-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
        },
        {
          "name": "CVE-2023-21955",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
        },
        {
          "name": "CVE-2023-21988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
        },
        {
          "name": "CVE-2022-1471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
        },
        {
          "name": "CVE-2022-45047",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
        },
        {
          "name": "CVE-2022-36033",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
        },
        {
          "name": "CVE-2023-21912",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
        },
        {
          "name": "CVE-2023-21929",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
        },
        {
          "name": "CVE-2023-21967",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
        },
        {
          "name": "CVE-2023-22001",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
        },
        {
          "name": "CVE-2022-41881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
        },
        {
          "name": "CVE-2023-21948",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
        },
        {
          "name": "CVE-2023-21919",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0325",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-04-19T00:00:00.000000"
        },
        {
          "description": "Correction coquilles.",
          "revision_date": "2023-04-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
          "url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
        }
      ]
    }

    CERTFR-2023-AVI-0034

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle MySQL MySQL Cluster versions 7.5.28 et antérieures
    Oracle MySQL MySQL Shell versions 8.0.31 et antérieures
    Oracle PeopleSoft PeopleSoft Enterprise CC Common Application Objects version 9.2
    Oracle MySQL MySQL Server versions 5.7.40 et antérieures
    Oracle MySQL MySQL Cluster versions 7.6.24 et antérieures
    Oracle Java SE Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1
    Oracle MySQL MySQL Connectors versions 8.0.31 et antérieures
    Oracle Weblogic Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0
    Oracle N/A Oracle VM VirtualBox versions antérieures à 7.0.6
    Oracle MySQL MySQL Workbench versions 8.0.31 et antérieures
    Oracle MySQL MySQL Enterprise Monitor versions 8.0.32 et antérieures
    Oracle Database Server Oracle Database Server versions 19c, 21c [Perl] antérieures à 5.35
    Oracle MySQL MySQL Cluster versions 8.0.31 et antérieures
    Oracle MySQL MySQL Server versions 8.0.31 et antérieures
    Oracle PeopleSoft PeopleSoft Enterprise CS Academic Advisement version 9.2
    Oracle N/A Oracle VM VirtualBox versions antérieures à 6.1.42
    Oracle MySQL MySQL Cluster versions 7.4.38 et antérieures
    Oracle PeopleSoft PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "PeopleSoft Enterprise CC Common Application Objects version 9.2",
          "product": {
            "name": "PeopleSoft",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Server versions 5.7.40 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1",
          "product": {
            "name": "Java SE",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
          "product": {
            "name": "Weblogic",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Server versions 8.0.31 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "PeopleSoft Enterprise CS Academic Advisement version 9.2",
          "product": {
            "name": "PeopleSoft",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures",
          "product": {
            "name": "MySQL",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60",
          "product": {
            "name": "PeopleSoft",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-21900",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21900"
        },
        {
          "name": "CVE-2022-31129",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
        },
        {
          "name": "CVE-2023-21843",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
        },
        {
          "name": "CVE-2022-24407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
        },
        {
          "name": "CVE-2023-21893",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21893"
        },
        {
          "name": "CVE-2023-21877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
        },
        {
          "name": "CVE-2023-21885",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21885"
        },
        {
          "name": "CVE-2022-22971",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
        },
        {
          "name": "CVE-2023-21865",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
        },
        {
          "name": "CVE-2023-21898",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21898"
        },
        {
          "name": "CVE-2023-21881",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
        },
        {
          "name": "CVE-2023-21830",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
        },
        {
          "name": "CVE-2022-25647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
        },
        {
          "name": "CVE-2023-21874",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
        },
        {
          "name": "CVE-2023-21838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21838"
        },
        {
          "name": "CVE-2023-21878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
        },
        {
          "name": "CVE-2020-10735",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
        },
        {
          "name": "CVE-2022-27782",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
        },
        {
          "name": "CVE-2023-21883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
        },
        {
          "name": "CVE-2022-40153",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
        },
        {
          "name": "CVE-2022-42252",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
        },
        {
          "name": "CVE-2022-40149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
        },
        {
          "name": "CVE-2023-21889",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21889"
        },
        {
          "name": "CVE-2018-7489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
        },
        {
          "name": "CVE-2023-21875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
        },
        {
          "name": "CVE-2023-21872",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
        },
        {
          "name": "CVE-2023-21841",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21841"
        },
        {
          "name": "CVE-2022-40150",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
        },
        {
          "name": "CVE-2023-21864",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21864"
        },
        {
          "name": "CVE-2023-21840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
        },
        {
          "name": "CVE-2022-1941",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
        },
        {
          "name": "CVE-2022-31692",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
        },
        {
          "name": "CVE-2018-25032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
        },
        {
          "name": "CVE-2023-21866",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
        },
        {
          "name": "CVE-2023-21842",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21842"
        },
        {
          "name": "CVE-2023-21845",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21845"
        },
        {
          "name": "CVE-2022-39429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39429"
        },
        {
          "name": "CVE-2023-21860",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21860"
        },
        {
          "name": "CVE-2023-21844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21844"
        },
        {
          "name": "CVE-2022-32221",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
        },
        {
          "name": "CVE-2022-37434",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
        },
        {
          "name": "CVE-2023-21871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
        },
        {
          "name": "CVE-2023-21839",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"
        },
        {
          "name": "CVE-2023-21887",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
        },
        {
          "name": "CVE-2023-21835",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
        },
        {
          "name": "CVE-2021-3737",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
        },
        {
          "name": "CVE-2023-21873",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
        },
        {
          "name": "CVE-2023-21863",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
        },
        {
          "name": "CVE-2023-21876",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
        },
        {
          "name": "CVE-2020-36242",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
        },
        {
          "name": "CVE-2023-21867",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
        },
        {
          "name": "CVE-2023-21899",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21899"
        },
        {
          "name": "CVE-2023-21869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
        },
        {
          "name": "CVE-2022-42920",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
        },
        {
          "name": "CVE-2022-43548",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
        },
        {
          "name": "CVE-2023-21836",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
        },
        {
          "name": "CVE-2023-21827",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21827"
        },
        {
          "name": "CVE-2023-21870",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
        },
        {
          "name": "CVE-2022-25857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
        },
        {
          "name": "CVE-2023-21879",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
        },
        {
          "name": "CVE-2021-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
        },
        {
          "name": "CVE-2023-21882",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21882"
        },
        {
          "name": "CVE-2023-21886",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21886"
        },
        {
          "name": "CVE-2023-21837",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21837"
        },
        {
          "name": "CVE-2023-21831",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21831"
        },
        {
          "name": "CVE-2022-42003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
        },
        {
          "name": "CVE-2022-40304",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
        },
        {
          "name": "CVE-2023-21880",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
        },
        {
          "name": "CVE-2022-3171",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
        },
        {
          "name": "CVE-2022-23219",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
        },
        {
          "name": "CVE-2023-21829",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21829"
        },
        {
          "name": "CVE-2023-21884",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21884"
        },
        {
          "name": "CVE-2023-21868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-21868"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0034",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-01-18T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023",
          "url": "https://www.oracle.com/security-alerts/cpujan2023.html"
        }
      ]
    }

    CERTFR-2022-AVI-933

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Solaris Cluster version 4
    Oracle N/A Oracle Solaris version 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Solaris Cluster version 4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-21610",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21610"
        },
        {
          "name": "CVE-2021-40690",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
        },
        {
          "name": "CVE-2022-39417",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39417"
        },
        {
          "name": "CVE-2022-39401",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-39401"
        },
        {
          "name": "CVE-2022-23437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
        },
        {
          "name": "CVE-2020-36518",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
        },
        {
          "name": "CVE-2021-44832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
        },
        {
          "name": "CVE-2022-29577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29577"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-933",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-10-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2022 du 18 octobre 2022",
          "url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixSUNS"
        }
      ]
    }

    CERTFR-2022-AVI-657

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle E-Business Suite. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle E-Business Suite versions 12.2.3 à 12.2.11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle E-Business Suite versions 12.2.3 \u00e0 12.2.11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-21566",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21566"
        },
        {
          "name": "CVE-2022-21567",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21567"
        },
        {
          "name": "CVE-2022-23305",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
        },
        {
          "name": "CVE-2022-21568",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21568"
        },
        {
          "name": "CVE-2022-21500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"
        },
        {
          "name": "CVE-2022-21545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21545"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-657",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-07-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle E-Business\nSuite. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle E-Business Suite",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixEBS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
          "url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#EBS"
        }
      ]
    }

    CERTFR-2022-AVI-660

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8
    Oracle N/A Oracle Solaris version 10
    Oracle N/A Oracle Solaris version 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 10",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-4115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-4115"
        },
        {
          "name": "CVE-2020-29651",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
        },
        {
          "name": "CVE-2022-29824",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
        },
        {
          "name": "CVE-2022-24801",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-24801"
        },
        {
          "name": "CVE-2022-21513",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21513"
        },
        {
          "name": "CVE-2022-21533",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21533"
        },
        {
          "name": "CVE-2018-25032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
        },
        {
          "name": "CVE-2022-21563",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21563"
        },
        {
          "name": "CVE-2022-23308",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
        },
        {
          "name": "CVE-2022-21524",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21524"
        },
        {
          "name": "CVE-2022-21439",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21439"
        },
        {
          "name": "CVE-2022-21514",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21514"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-660",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-07-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
          "url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixSUNS"
        }
      ]
    }

    CERTFR-2022-AVI-482

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans Oracle E-Business Suite. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle E-Business Suite versions 12.21 et 12.2 sans le dernier correctif de sécurité
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle E-Business Suite versions 12.21 et 12.2 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-21500",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-482",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-05-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle E-Business Suite. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Oracle E-Business Suite",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cve-2022-21500 du 19 mai 2022",
          "url": "https://www.oracle.com/security-alerts/alert-cve-2022-21500.html"
        }
      ]
    }

    CERTFR-2022-AVI-367

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle StorageTek ACSLS version 8.5.1
    Oracle N/A Oracle Ethernet Switch TOR-72 version 1.2.2
    Oracle N/A Oracle StorageTek Tape Analytics (STA) version 2.4
    Oracle N/A Oracle Ethernet Switch ES1-24 version 1.3.1
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8
    Oracle N/A Oracle Solaris Cluster version 4
    Oracle N/A Oracle Solaris version 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle StorageTek ACSLS version 8.5.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Ethernet Switch TOR-72 version 1.2.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle StorageTek Tape Analytics (STA) version 2.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Ethernet Switch ES1-24 version 1.3.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris Cluster version 4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-29425",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
        },
        {
          "name": "CVE-2022-21446",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21446"
        },
        {
          "name": "CVE-2019-17195",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
        },
        {
          "name": "CVE-2022-21416",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21416"
        },
        {
          "name": "CVE-2020-5421",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
        },
        {
          "name": "CVE-2021-2351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
        },
        {
          "name": "CVE-2021-39275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
        },
        {
          "name": "CVE-2020-9488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
        },
        {
          "name": "CVE-2022-21463",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21463"
        },
        {
          "name": "CVE-2020-6950",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
        },
        {
          "name": "CVE-2019-3740",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
        },
        {
          "name": "CVE-2020-1968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
        },
        {
          "name": "CVE-2022-21461",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21461"
        },
        {
          "name": "CVE-2020-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
        },
        {
          "name": "CVE-2022-21494",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21494"
        },
        {
          "name": "CVE-2020-11979",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
        },
        {
          "name": "CVE-2022-21493",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21493"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-367",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-04-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
          "url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixSUNS"
        }
      ]
    }

    CERTFR-2022-AVI-054

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP2410 et antérieures
    Oracle N/A Oracle ZFS Storage Application Integration Engineering Software version 1.3.3
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8
    Oracle N/A Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP3110 et antérieures
    Oracle N/A Oracle Solaris versions 10 et 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP2410 et ant\u00e9rieures",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Application Integration Engineering Software version 1.3.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP3110 et ant\u00e9rieures",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-43395",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-43395"
        },
        {
          "name": "CVE-2021-3517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
        },
        {
          "name": "CVE-2022-21375",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21375"
        },
        {
          "name": "CVE-2020-8285",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
        },
        {
          "name": "CVE-2022-21271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
        },
        {
          "name": "CVE-2021-2351",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
        },
        {
          "name": "CVE-2022-21298",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21298"
        },
        {
          "name": "CVE-2022-21263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21263"
        },
        {
          "name": "CVE-2021-3326",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
        },
        {
          "name": "CVE-2021-23840",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
        },
        {
          "name": "CVE-2020-13817",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-054",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-01-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ]
    }

    CERTFR-2022-AVI-055

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle VM VirtualBox. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle VM VirtualBox versions antérieures à 6.1.32
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.32",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2022-21295",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21295"
        },
        {
          "name": "CVE-2022-21394",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21394"
        }
      ],
      "links": [],
      "reference": "CERTFR-2022-AVI-055",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2022-01-19T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle VM\nVirtualBox. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VM VirtualBox",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixOVIR"
        }
      ]
    }

    CERTFR-2021-AVI-805

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans les produits Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Ethernet Switch ES2-64 version 2.0.0.14
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8
    Oracle N/A Oracle Solaris 11
    Oracle N/A Oracle Ethernet Switch ES2-72 version 2.0.0.14
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Ethernet Switch ES2-64 version 2.0.0.14",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Ethernet Switch ES2-72 version 2.0.0.14",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-26691",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
        },
        {
          "name": "CVE-2021-35589",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35589"
        },
        {
          "name": "CVE-2021-35549",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35549"
        },
        {
          "name": "CVE-2020-1968",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
        },
        {
          "name": "CVE-2021-35539",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35539"
        }
      ],
      "links": [],
      "reference": "CERTFR-2021-AVI-805",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-10-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Oracle\nSystems. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2021 du 19 octobre 2021",
          "url": "https://www.oracle.com/security-alerts/cpuoct2021verbose.html#SUNS"
        }
      ]
    }

    CERTFR-2021-AVI-802

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Database. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle Database Server Oracle Database Server version 12.2.0.1
    Oracle Database Server Oracle Database Server version 19c
    Oracle Database Server Oracle Database Server version 12.1.0.2
    Oracle N/A Oracle Application Express (CKEditor) versions antérieures à 21.1.0
    Oracle Database Server Oracle Database Server version 21c
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Database Server version 12.2.0.1",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database Server version 19c",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database Server version 12.1.0.2",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Application Express (CKEditor) versions ant\u00e9rieures \u00e0 21.1.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database Server version 21c",
          "product": {
            "name": "Database Server",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-35558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35558"
        },
        {
          "name": "CVE-2021-26272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-26272"
        },
        {
          "name": "CVE-2021-35557",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35557"
        },
        {
          "name": "CVE-2021-2332",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2332"
        },
        {
          "name": "CVE-2021-25122",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-25122"
        },
        {
          "name": "CVE-2021-35576",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35576"
        },
        {
          "name": "CVE-2021-35599",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35599"
        },
        {
          "name": "CVE-2021-35551",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35551"
        },
        {
          "name": "CVE-2021-35619",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-35619"
        }
      ],
      "links": [],
      "reference": "CERTFR-2021-AVI-802",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-10-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2021 du 19 octobre 2021",
          "url": "https://www.oracle.com/security-alerts/cpuoct2021verbose.html#DB"
        }
      ]
    }

    CERTFR-2021-AVI-299

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle ZFS Storage Appliance Kit versions 8.8
    Oracle N/A Oracle Solaris version 10
    Oracle N/A Oracle Solaris version 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle ZFS Storage Appliance Kit versions 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 10",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris version 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-1472",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
        },
        {
          "name": "CVE-2021-2149",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2149"
        },
        {
          "name": "CVE-2021-2192",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2192"
        },
        {
          "name": "CVE-2021-2167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2167"
        },
        {
          "name": "CVE-2021-2147",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2147"
        }
      ],
      "links": [],
      "reference": "CERTFR-2021-AVI-299",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-04-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
          "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle Systems cpuapr2021 du 20 avril 2021",
          "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#SUNS"
        }
      ]
    }

    CERTFR-2021-AVI-295

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Database. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Database 12.2.0.1
    Oracle N/A Oracle Database 18c
    Oracle N/A Oracle Database 12.1.0.2
    Oracle N/A Oracle Database 19c
    Oracle N/A Oracle Application Express versions antérieures à 20.2
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Database 12.2.0.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database 18c",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database 12.1.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database 19c",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Application Express versions ant\u00e9rieures \u00e0 20.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2021-2234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2234"
        },
        {
          "name": "CVE-2021-2245",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2245"
        },
        {
          "name": "CVE-2021-2175",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2175"
        },
        {
          "name": "CVE-2020-7760",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
        },
        {
          "name": "CVE-2021-2173",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2173"
        },
        {
          "name": "CVE-2019-3740",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
        },
        {
          "name": "CVE-2021-2207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-2207"
        },
        {
          "name": "CVE-2020-5360",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
        },
        {
          "name": "CVE-2020-17527",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
        },
        {
          "name": "CVE-2020-11023",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
        }
      ],
      "links": [],
      "reference": "CERTFR-2021-AVI-295",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-04-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
          "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle Database cpuapr2021 du 20 avril 2021",
          "url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#DB"
        }
      ]
    }

    CERTFR-2021-AVI-045

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle ZFS Storage Appliance Kit version 8.8
    Oracle N/A StorageTek Tape Analytics SW Tool version 2.3.1
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "StorageTek Tape Analytics SW Tool version 2.3.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-11984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
        },
        {
          "name": "CVE-2020-9488",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
        },
        {
          "name": "CVE-2021-1999",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-1999"
        },
        {
          "name": "CVE-2020-11022",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
        }
      ],
      "links": [],
      "reference": "CERTFR-2021-AVI-045",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2021-01-20T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2021 du 19 janvier 2021",
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ]
    }

    CERTFR-2020-AVI-665

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle ZFS Storage Appliance kit version 8.8 sans le dernier correctif de sécurité
    Oracle Systems Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware antérieur à XCP2362
    Oracle Systems Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware antérieur à XCP3090
    Oracle N/A Oracle Solaris versions 10 et 11 sans le dernier correctif de sécurité
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle ZFS Storage Appliance kit version 8.8 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware ant\u00e9rieur \u00e0 XCP2362",
          "product": {
            "name": "Systems",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware ant\u00e9rieur \u00e0 XCP3090",
          "product": {
            "name": "Systems",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11 sans le dernier correctif de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-14759",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14759"
        },
        {
          "name": "CVE-2020-3909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
        },
        {
          "name": "CVE-2019-11477",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
        },
        {
          "name": "CVE-2020-14758",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14758"
        },
        {
          "name": "CVE-2020-14754",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14754"
        },
        {
          "name": "CVE-2020-14871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
        },
        {
          "name": "CVE-2020-14818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14818"
        },
        {
          "name": "CVE-2018-3693",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
        }
      ],
      "links": [],
      "reference": "CERTFR-2020-AVI-665",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2020-10-21T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2020 du 20 octobre 2020",
          "url": "https://www.oracle.com/security-alerts/cpuoct2020verbose.html"
        }
      ]
    }

    CERTFR-2020-AVI-436

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle ZFS Storage Appliance Kit 8.8 sans les derniers correctifs de sécurité
    Oracle N/A Oracle Solaris 11.x sans les derniers correctifs de sécurité

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle ZFS Storage Appliance Kit 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris 11.x sans les derniers correctifs de s\u00e9curit\u00e9",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-14724",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14724"
        },
        {
          "name": "CVE-2020-11656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
        },
        {
          "name": "CVE-2019-5489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
        },
        {
          "name": "CVE-2020-14542",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14542"
        },
        {
          "name": "CVE-2020-14545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14545"
        },
        {
          "name": "CVE-2018-12207",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
        },
        {
          "name": "CVE-2020-14537",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-14537"
        }
      ],
      "links": [],
      "reference": "CERTFR-2020-AVI-436",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2020-07-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 d\u00e9taill\u00e9 Oracle cpujul2020 du 14 juillet 2020",
          "url": "https://www.oracle.com/security-alerts/cpujul2020verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2020 du 14 juillet 2020",
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        }
      ]
    }

    CERTFR-2020-AVI-219

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Sun ZFS Storage Appliance Kit version 8.8
    Oracle N/A StorageTek Tape Analytics SW Tool version 2.3.0
    Oracle N/A Oracle Solaris versions 10 et 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Sun ZFS Storage Appliance Kit version 8.8",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "StorageTek Tape Analytics SW Tool version 2.3.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2018-1165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1165"
        },
        {
          "name": "CVE-2020-2749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2749"
        },
        {
          "name": "CVE-2020-2851",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2851"
        },
        {
          "name": "CVE-2019-2729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
        },
        {
          "name": "CVE-2020-2927",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2927"
        },
        {
          "name": "CVE-2020-2771",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2771"
        },
        {
          "name": "CVE-2019-11358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
        },
        {
          "name": "CVE-2020-2944",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2944"
        }
      ],
      "links": [],
      "reference": "CERTFR-2020-AVI-219",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2020-04-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
          "url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#SUNS"
        }
      ]
    }

    CERTFR-2020-AVI-037

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle VM Server for SPARC version 3.6
    Oracle N/A Tape Library ACSLS, versions 8.5 et 8.5.1
    Oracle N/A Sun ZFS Storage Appliance Kit version 8.8.6
    Oracle N/A Oracle Solaris versions 10 et 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle VM Server for SPARC version 3.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Tape Library ACSLS, versions 8.5 et 8.5.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Sun ZFS Storage Appliance Kit version 8.8.6",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2020-2578",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2578"
        },
        {
          "name": "CVE-2019-2729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
        },
        {
          "name": "CVE-2020-2696",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2696"
        },
        {
          "name": "CVE-2020-2565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2565"
        },
        {
          "name": "CVE-2019-11358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
        },
        {
          "name": "CVE-2019-9636",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
        },
        {
          "name": "CVE-2018-15756",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
        },
        {
          "name": "CVE-2019-2725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"
        },
        {
          "name": "CVE-2020-2656",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2656"
        },
        {
          "name": "CVE-2020-2680",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2680"
        },
        {
          "name": "CVE-2020-2571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2571"
        },
        {
          "name": "CVE-2020-2647",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2647"
        },
        {
          "name": "CVE-2020-2558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2558"
        },
        {
          "name": "CVE-2019-9579",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-9579"
        },
        {
          "name": "CVE-2016-1000031",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000031"
        },
        {
          "name": "CVE-2020-2605",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2605"
        },
        {
          "name": "CVE-2020-2664",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-2664"
        }
      ],
      "links": [],
      "reference": "CERTFR-2020-AVI-037",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2020-01-15T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020verbose du 14 janvier 2020",
          "url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020",
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        }
      ]
    }

    CERTFR-2019-AVI-507

    Vulnerability from certfr_avis - Published: - Updated:

    Une importante vulnérabilité a été découverte dans Oracle NoSQL Database. Elle permet à un attaquant non authentifié de compromettre à distance (via le protocole HTTP) une base de données Oracle NoSQL.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle NoSQL Database versions antérieures à 19.3.12
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle NoSQL Database versions ant\u00e9rieures \u00e0 19.3.12",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2018-14721",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
        }
      ],
      "links": [],
      "reference": "CERTFR-2019-AVI-507",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-10-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une importante vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle NoSQL\nDatabase. Elle permet \u00e0 un attaquant non authentifi\u00e9 de compromettre \u00e0\ndistance (via le protocole HTTP) une base de donn\u00e9es Oracle NoSQL.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Oracle NoSQL Database",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixNSQL"
        }
      ]
    }

    CERTFR-2019-AVI-510

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions antérieures à XCP2361 et antérieures à XCP3071
    Oracle N/A Oracle Solaris versions 10 et 11
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions ant\u00e9rieures \u00e0 XCP2361 et ant\u00e9rieures \u00e0 XCP3071",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2018-18066",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
        },
        {
          "name": "CVE-2019-3008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3008"
        },
        {
          "name": "CVE-2019-6109",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
        },
        {
          "name": "CVE-2019-2961",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2961"
        },
        {
          "name": "CVE-2015-5180",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-5180"
        },
        {
          "name": "CVE-2019-3010",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-3010"
        },
        {
          "name": "CVE-2019-2765",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2765"
        },
        {
          "name": "CVE-2018-7185",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7185"
        },
        {
          "name": "CVE-2017-17558",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-17558"
        },
        {
          "name": "CVE-2018-12404",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
        },
        {
          "name": "CVE-2018-0732",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
        },
        {
          "name": "CVE-2018-1000007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
        }
      ],
      "links": [],
      "reference": "CERTFR-2019-AVI-510",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-10-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        },
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixSUNS"
        }
      ]
    }

    CERTFR-2019-AVI-342

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Tape Virtual Storage Manager GUI version 6.2
    Oracle N/A Sun ZFS Storage Appliance Kit (AK) version 8.8.3
    Oracle N/A Oracle Solaris versions 10, 11.3 et 11.4
    Oracle N/A StorageTek Tape Analytics SW Tool version 2.3.0

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Tape Virtual Storage Manager GUI version 6.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Sun ZFS Storage Appliance Kit (AK) version 8.8.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10, 11.3 et 11.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "StorageTek Tape Analytics SW Tool version 2.3.0",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2019-5598",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-5598"
        },
        {
          "name": "CVE-2019-2729",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
        },
        {
          "name": "CVE-2019-2832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2832"
        },
        {
          "name": "CVE-2019-2725",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"
        },
        {
          "name": "CVE-2019-2788",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2788"
        },
        {
          "name": "CVE-2019-2807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2807"
        },
        {
          "name": "CVE-2019-5597",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-5597"
        },
        {
          "name": "CVE-2019-2787",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2787"
        },
        {
          "name": "CVE-2019-2820",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2820"
        },
        {
          "name": "CVE-2019-2804",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2804"
        },
        {
          "name": "CVE-2019-2878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2878"
        },
        {
          "name": "CVE-2019-2844",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2844"
        },
        {
          "name": "CVE-2019-2838",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2838"
        }
      ],
      "links": [],
      "reference": "CERTFR-2019-AVI-342",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-07-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838-5072835 du 16 juillet 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#SUNS"
        }
      ]
    }

    CERTFR-2019-AVI-176

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Solaris versions 10 et 11

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2019-2577",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2577"
        },
        {
          "name": "CVE-2018-20685",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
        },
        {
          "name": "CVE-2019-2704",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2704"
        }
      ],
      "links": [],
      "reference": "CERTFR-2019-AVI-176",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-04-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ]
    }

    CERTFR-2019-AVI-023

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Tape Library ACSLS version 8.4
    Oracle N/A Sun ZFS Storage Appliance Kit (AK) versions antérieures à 8.8.2
    Oracle N/A Oracle Solaris versions 10 et 11

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Tape Library ACSLS version 8.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Sun ZFS Storage Appliance Kit (AK) versions ant\u00e9rieures \u00e0 8.8.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Solaris versions 10 et 11",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2018-6913",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-6913"
        },
        {
          "name": "CVE-2017-1000456",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000456"
        },
        {
          "name": "CVE-2018-19628",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19628"
        },
        {
          "name": "CVE-2018-19158",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-19158"
        },
        {
          "name": "CVE-2018-13988",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
        },
        {
          "name": "CVE-2017-14517",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-14517"
        },
        {
          "name": "CVE-2018-3282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3282"
        },
        {
          "name": "CVE-2016-0635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0635"
        },
        {
          "name": "CVE-2018-0739",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
        },
        {
          "name": "CVE-2018-1000115",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
        },
        {
          "name": "CVE-2018-9918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-9918"
        },
        {
          "name": "CVE-2019-2545",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2545"
        },
        {
          "name": "CVE-2019-2541",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2541"
        },
        {
          "name": "CVE-2018-0734",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
        },
        {
          "name": "CVE-2019-2544",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2544"
        },
        {
          "name": "CVE-2018-3247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3247"
        },
        {
          "name": "CVE-2018-1275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-1275"
        },
        {
          "name": "CVE-2018-3639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
        },
        {
          "name": "CVE-2019-2543",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2543"
        },
        {
          "name": "CVE-2017-5645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
        },
        {
          "name": "CVE-2017-18267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
        },
        {
          "name": "CVE-2019-2412",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2412"
        },
        {
          "name": "CVE-2016-8705",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-8705"
        },
        {
          "name": "CVE-2018-17183",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-17183"
        },
        {
          "name": "CVE-2019-2437",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-2437"
        },
        {
          "name": "CVE-2018-3646",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
        },
        {
          "name": "CVE-2018-5407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
        },
        {
          "name": "CVE-2018-3070",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3070"
        },
        {
          "name": "CVE-2018-15909",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-15909"
        },
        {
          "name": "CVE-2018-11763",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
        }
      ],
      "links": [],
      "reference": "CERTFR-2019-AVI-023",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2019-01-16T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
        },
        {
          "description": "D\u00e9ni de service"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019-5072801 du 15 janvier 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixSUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle bulletinjan2019-5251593 du 15 janvier 2019",
          "url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019verbose-5072807 du 15 janvier 2019",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html#SUNS"
        }
      ]
    }

    CERTFR-2018-AVI-494

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Database. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Oracle Database version 12.1.0.2
    Oracle N/A Oracle Database version 11.2.0.4
    Oracle N/A Oracle Database version 18c
    Oracle N/A Oracle Database version 12.2.0.1
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Oracle Database version 12.1.0.2",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database version 11.2.0.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database version 18c",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Oracle Database version 12.2.0.1",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2018-3299",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3299"
        },
        {
          "name": "CVE-2018-7489",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
        },
        {
          "name": "CVE-2018-3259",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3259"
        }
      ],
      "links": [],
      "reference": "CERTFR-2018-AVI-494",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2018-10-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#DB"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        }
      ]
    }

    CERTFR-2018-AVI-496

    Vulnerability from certfr_avis - Published: - Updated:

    De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Oracle N/A Solaris version 11.4
    Oracle N/A Solaris version 10
    Oracle N/A Solaris version 11.3
    Oracle N/A Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2 et M12-2S antérieurs à XCP2352 ou XCP3050
    Oracle N/A Serveurs SPARC Enterprise M3000, M4000, M5000, M8000 et M9000 antérieurs à XCP1123
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Solaris version 11.4",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Solaris version 10",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Solaris version 11.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2 et M12-2S ant\u00e9rieurs \u00e0 XCP2352 ou XCP3050",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        },
        {
          "description": "Serveurs SPARC Enterprise M3000, M4000, M5000, M8000 et M9000 ant\u00e9rieurs \u00e0 XCP1123",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Oracle",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2017-7407",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
        },
        {
          "name": "CVE-2018-2922",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-2922"
        },
        {
          "name": "CVE-2018-3275",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3275"
        },
        {
          "name": "CVE-2018-3264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3264"
        },
        {
          "name": "CVE-2016-5244",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-5244"
        },
        {
          "name": "CVE-2018-3267",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3267"
        },
        {
          "name": "CVE-2018-3268",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3268"
        },
        {
          "name": "CVE-2018-3270",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3270"
        },
        {
          "name": "CVE-2018-3273",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3273"
        },
        {
          "name": "CVE-2018-3172",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3172"
        },
        {
          "name": "CVE-2018-3272",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3272"
        },
        {
          "name": "CVE-2016-7167",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
        },
        {
          "name": "CVE-2016-7141",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
        },
        {
          "name": "CVE-2018-3274",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3274"
        },
        {
          "name": "CVE-2018-3266",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3266"
        },
        {
          "name": "CVE-2018-3269",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3269"
        },
        {
          "name": "CVE-2015-6937",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-6937"
        },
        {
          "name": "CVE-2018-3265",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3265"
        },
        {
          "name": "CVE-2018-3263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3263"
        },
        {
          "name": "CVE-2018-3271",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-3271"
        }
      ],
      "links": [],
      "reference": "CERTFR-2018-AVI-496",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2018-10-17T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "D\u00e9ni de service \u00e0 distance"
        },
        {
          "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
        },
        {
          "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
        },
        {
          "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
        }
      ],
      "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
      "title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#SUNS"
        },
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        }
      ]
    }