Search criteria
178 vulnerabilities found for N/A by Oracle
CERTFR-2024-AVI-0324
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle Solaris Cluster version 4 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle Solaris version 11 sans les derniers correctifs de sécurité | ||
| Oracle | N/A | Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris Cluster version 4 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle StorageTek Tape Analytics (STA) version 2.5 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-1370",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1370"
},
{
"name": "CVE-2022-45688",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
},
{
"name": "CVE-2021-36373",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36373"
},
{
"name": "CVE-2022-34381",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34381"
},
{
"name": "CVE-2024-21105",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21105"
},
{
"name": "CVE-2023-1436",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1436"
},
{
"name": "CVE-2020-29508",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29508"
},
{
"name": "CVE-2021-36374",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36374"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2024-21059",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21059"
},
{
"name": "CVE-2020-35164",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35164"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2023-20863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-20863"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-42890",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42890"
},
{
"name": "CVE-2024-21104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21104"
},
{
"name": "CVE-2020-35166",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35166"
},
{
"name": "CVE-2020-35163",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35163"
},
{
"name": "CVE-2020-35168",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35168"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2024-20999",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20999"
},
{
"name": "CVE-2022-24839",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24839"
},
{
"name": "CVE-2022-41704",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41704"
},
{
"name": "CVE-2020-35167",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35167"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0324",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
CERTFR-2024-AVI-0320
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle VirtualBox. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle VM Virtualbox versions ant\u00e9rieures \u00e0 7.0.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-21103",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21103"
},
{
"name": "CVE-2024-21121",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21121"
},
{
"name": "CVE-2024-21113",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21113"
},
{
"name": "CVE-2024-21111",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21111"
},
{
"name": "CVE-2024-21107",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21107"
},
{
"name": "CVE-2024-21108",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21108"
},
{
"name": "CVE-2024-21114",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21114"
},
{
"name": "CVE-2024-21106",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21106"
},
{
"name": "CVE-2024-21112",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21112"
},
{
"name": "CVE-2024-21115",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21115"
},
{
"name": "CVE-2024-21109",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21109"
},
{
"name": "CVE-2024-21116",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21116"
},
{
"name": "CVE-2024-21110",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21110"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0320",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle VirtualBox.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VirtualBox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024verbose du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024verbose.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2024 du 16 avril 2024",
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html"
}
]
}
CERTFR-2024-AVI-0048
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un déni de service, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris version 11 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-20959",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20959"
},
{
"name": "CVE-2023-21833",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21833"
},
{
"name": "CVE-2024-20946",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20946"
},
{
"name": "CVE-2024-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20920"
},
{
"name": "CVE-2024-20914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-20914"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-01-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024verbose du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2024 du 16 janvier 2024",
"url": "https://www.oracle.com/security-alerts/cpujan2024.html#AppendixSUNS"
}
]
}
CERTFR-2023-AVI-0865
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun ZFS Storage Appliance version 8.8.60 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22128",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22128"
},
{
"name": "CVE-2023-22129",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22129"
},
{
"name": "CVE-2023-22130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22130"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0865",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023verbose du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2023 du 17 octobre 2023",
"url": "https://www.oracle.com/security-alerts/cpuoct2023.html"
}
]
}
CERTFR-2023-AVI-0565
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Oracle Systems. Elle permet à un attaquant de provoquer une exécution de code arbitraire.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris version 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-22023",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22023"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0565",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-07-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle Systems. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023verbose du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2023 du 18 juillet 2023",
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
CERTFR-2023-AVI-0325
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Java SE | Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20 | ||
| Oracle | Database Server | Oracle Database Server 19c, 21c | ||
| Oracle | N/A | Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1 | ||
| Oracle | PeopleSoft | Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2 | ||
| Oracle | Virtualization | Oracle Virtualization versions 6.1.x antérieures à 6.1.44 | ||
| Oracle | MySQL | Oracle MySQL versions 8.0.33 et antérieures | ||
| Oracle | Systems | Oracle Systems versions 10, 11 | ||
| Oracle | Virtualization | Oracle Virtualization versions 7.0.x antérieures à 7.0.8 | ||
| Oracle | MySQL | Oracle MySQL versions 5.7.41 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server 19c, 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle GraalVM Enterprise Edition: 20.3.8, 20.3.9, 21.3.4, 21.3.5, 22.3.0, 22.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle PeopleSoft versions 8.58, 8.59, 8.60, 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 6.1.x ant\u00e9rieures \u00e0 6.1.44",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 8.0.33 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Systems versions 10, 11",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Virtualization versions 7.0.x ant\u00e9rieures \u00e0 7.0.8",
"product": {
"name": "Virtualization",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle MySQL versions 5.7.41 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21938",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21938"
},
{
"name": "CVE-2023-21916",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21916"
},
{
"name": "CVE-2023-21985",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21985"
},
{
"name": "CVE-2023-21979",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21979"
},
{
"name": "CVE-2023-21986",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21986"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2023-21954",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21954"
},
{
"name": "CVE-2023-21940",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21940"
},
{
"name": "CVE-2023-21939",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21939"
},
{
"name": "CVE-2023-21962",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21962"
},
{
"name": "CVE-2022-31160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31160"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2023-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21917"
},
{
"name": "CVE-2023-21984",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21984"
},
{
"name": "CVE-2023-21956",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21956"
},
{
"name": "CVE-2023-0215",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
},
{
"name": "CVE-2023-21945",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21945"
},
{
"name": "CVE-2022-42916",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42916"
},
{
"name": "CVE-2023-21966",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21966"
},
{
"name": "CVE-2023-21947",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21947"
},
{
"name": "CVE-2023-22002",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22002"
},
{
"name": "CVE-2023-21981",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21981"
},
{
"name": "CVE-2023-21987",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21987"
},
{
"name": "CVE-2023-21977",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21977"
},
{
"name": "CVE-2023-21971",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21971"
},
{
"name": "CVE-2023-21999",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21999"
},
{
"name": "CVE-2023-21928",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21928"
},
{
"name": "CVE-2023-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21972"
},
{
"name": "CVE-2023-21960",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21960"
},
{
"name": "CVE-2021-37533",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37533"
},
{
"name": "CVE-2023-21990",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21990"
},
{
"name": "CVE-2023-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22000"
},
{
"name": "CVE-2023-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21913"
},
{
"name": "CVE-2023-23918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23918"
},
{
"name": "CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"name": "CVE-2023-21963",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21963"
},
{
"name": "CVE-2023-21980",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21980"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2023-21996",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21996"
},
{
"name": "CVE-2022-40152",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40152"
},
{
"name": "CVE-2023-21953",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21953"
},
{
"name": "CVE-2023-21934",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21934"
},
{
"name": "CVE-2023-22003",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22003"
},
{
"name": "CVE-2023-21998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21998"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21946",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21946"
},
{
"name": "CVE-2023-21933",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21933"
},
{
"name": "CVE-2023-21931",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21931"
},
{
"name": "CVE-2023-21937",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21937"
},
{
"name": "CVE-2022-45143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45143"
},
{
"name": "CVE-2023-21896",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21896"
},
{
"name": "CVE-2022-43551",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43551"
},
{
"name": "CVE-2023-21964",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21964"
},
{
"name": "CVE-2021-22569",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22569"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21920"
},
{
"name": "CVE-2022-45685",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45685"
},
{
"name": "CVE-2023-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21918"
},
{
"name": "CVE-2023-21992",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21992"
},
{
"name": "CVE-2023-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21911"
},
{
"name": "CVE-2023-21976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21976"
},
{
"name": "CVE-2021-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31684"
},
{
"name": "CVE-2023-21968",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21968"
},
{
"name": "CVE-2023-21991",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21991"
},
{
"name": "CVE-2023-21989",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21989"
},
{
"name": "CVE-2023-21982",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21982"
},
{
"name": "CVE-2023-21930",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21930"
},
{
"name": "CVE-2023-24998",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-24998"
},
{
"name": "CVE-2023-21935",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21935"
},
{
"name": "CVE-2020-25638",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
},
{
"name": "CVE-2023-21955",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21955"
},
{
"name": "CVE-2023-21988",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21988"
},
{
"name": "CVE-2022-1471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1471"
},
{
"name": "CVE-2022-45047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45047"
},
{
"name": "CVE-2022-36033",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-36033"
},
{
"name": "CVE-2023-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21912"
},
{
"name": "CVE-2023-21929",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21929"
},
{
"name": "CVE-2023-21967",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21967"
},
{
"name": "CVE-2023-22001",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22001"
},
{
"name": "CVE-2022-41881",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41881"
},
{
"name": "CVE-2023-21948",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21948"
},
{
"name": "CVE-2023-21919",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21919"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0325",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-19T00:00:00.000000"
},
{
"description": "Correction coquilles.",
"revision_date": "2023-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2023 du 18 avril 2023",
"url": "https://www.oracle.com/security-alerts/cpuapr2023.html"
}
]
}
CERTFR-2023-AVI-0034
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Oracle. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | MySQL | MySQL Cluster versions 7.5.28 et antérieures | ||
| Oracle | MySQL | MySQL Shell versions 8.0.31 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise CC Common Application Objects version 9.2 | ||
| Oracle | MySQL | MySQL Server versions 5.7.40 et antérieures | ||
| Oracle | MySQL | MySQL Cluster versions 7.6.24 et antérieures | ||
| Oracle | Java SE | Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1 | ||
| Oracle | MySQL | MySQL Connectors versions 8.0.31 et antérieures | ||
| Oracle | Weblogic | Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0 | ||
| Oracle | N/A | Oracle VM VirtualBox versions antérieures à 7.0.6 | ||
| Oracle | MySQL | MySQL Workbench versions 8.0.31 et antérieures | ||
| Oracle | MySQL | MySQL Enterprise Monitor versions 8.0.32 et antérieures | ||
| Oracle | Database Server | Oracle Database Server versions 19c, 21c [Perl] antérieures à 5.35 | ||
| Oracle | MySQL | MySQL Cluster versions 8.0.31 et antérieures | ||
| Oracle | MySQL | MySQL Server versions 8.0.31 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise CS Academic Advisement version 9.2 | ||
| Oracle | N/A | Oracle VM VirtualBox versions antérieures à 6.1.42 | ||
| Oracle | MySQL | MySQL Cluster versions 7.4.38 et antérieures | ||
| Oracle | PeopleSoft | PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MySQL Cluster versions 7.5.28 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Shell versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise CC Common Application Objects version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 5.7.40 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.6.24 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Java SE versions 8u351, 8u351-perf, 11.0.17, 17.0.5 et 19.0.1",
"product": {
"name": "Java SE",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Connectors versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle WebLogic Server versions 12.2.1.3.0, 12.2.1.4.0 et 14.1.1.0.0",
"product": {
"name": "Weblogic",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Workbench versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Enterprise Monitor versions 8.0.32 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server versions 19c, 21c [Perl] ant\u00e9rieures \u00e0 5.35",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Server versions 8.0.31 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise CS Academic Advisement version 9.2",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.42",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "MySQL Cluster versions 7.4.38 et ant\u00e9rieures",
"product": {
"name": "MySQL",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "PeopleSoft Enterprise PeopleTools versions 8.58, 8.59 et 8.60",
"product": {
"name": "PeopleSoft",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-21900",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21900"
},
{
"name": "CVE-2022-31129",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31129"
},
{
"name": "CVE-2023-21843",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21843"
},
{
"name": "CVE-2022-24407",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24407"
},
{
"name": "CVE-2023-21893",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21893"
},
{
"name": "CVE-2023-21877",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21877"
},
{
"name": "CVE-2023-21885",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21885"
},
{
"name": "CVE-2022-22971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22971"
},
{
"name": "CVE-2023-21865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21865"
},
{
"name": "CVE-2023-21898",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21898"
},
{
"name": "CVE-2023-21881",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21881"
},
{
"name": "CVE-2023-21830",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21830"
},
{
"name": "CVE-2022-25647",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25647"
},
{
"name": "CVE-2023-21874",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21874"
},
{
"name": "CVE-2023-21838",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21838"
},
{
"name": "CVE-2023-21878",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21878"
},
{
"name": "CVE-2020-10735",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10735"
},
{
"name": "CVE-2022-27782",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-27782"
},
{
"name": "CVE-2023-21883",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21883"
},
{
"name": "CVE-2022-40153",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40153"
},
{
"name": "CVE-2022-42252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42252"
},
{
"name": "CVE-2022-40149",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40149"
},
{
"name": "CVE-2023-21889",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21889"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2023-21875",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21875"
},
{
"name": "CVE-2023-21872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21872"
},
{
"name": "CVE-2023-21841",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21841"
},
{
"name": "CVE-2022-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40150"
},
{
"name": "CVE-2023-21864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21864"
},
{
"name": "CVE-2023-21840",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21840"
},
{
"name": "CVE-2022-1941",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1941"
},
{
"name": "CVE-2022-31692",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31692"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2023-21866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21866"
},
{
"name": "CVE-2023-21842",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21842"
},
{
"name": "CVE-2023-21845",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21845"
},
{
"name": "CVE-2022-39429",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39429"
},
{
"name": "CVE-2023-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21860"
},
{
"name": "CVE-2023-21844",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21844"
},
{
"name": "CVE-2022-32221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32221"
},
{
"name": "CVE-2022-37434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37434"
},
{
"name": "CVE-2023-21871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21871"
},
{
"name": "CVE-2023-21839",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21839"
},
{
"name": "CVE-2023-21887",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21887"
},
{
"name": "CVE-2023-21835",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21835"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2023-21873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21873"
},
{
"name": "CVE-2023-21863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21863"
},
{
"name": "CVE-2023-21876",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21876"
},
{
"name": "CVE-2020-36242",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36242"
},
{
"name": "CVE-2023-21867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21867"
},
{
"name": "CVE-2023-21899",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21899"
},
{
"name": "CVE-2023-21869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21869"
},
{
"name": "CVE-2022-42920",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42920"
},
{
"name": "CVE-2022-43548",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43548"
},
{
"name": "CVE-2023-21836",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21836"
},
{
"name": "CVE-2023-21827",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21827"
},
{
"name": "CVE-2023-21870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21870"
},
{
"name": "CVE-2022-25857",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25857"
},
{
"name": "CVE-2023-21879",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21879"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2023-21882",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21882"
},
{
"name": "CVE-2023-21886",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21886"
},
{
"name": "CVE-2023-21837",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21837"
},
{
"name": "CVE-2023-21831",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21831"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2022-40304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40304"
},
{
"name": "CVE-2023-21880",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21880"
},
{
"name": "CVE-2022-3171",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3171"
},
{
"name": "CVE-2022-23219",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23219"
},
{
"name": "CVE-2023-21829",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21829"
},
{
"name": "CVE-2023-21884",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21884"
},
{
"name": "CVE-2023-21868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-21868"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0034",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nOracle. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2023 du 18 janvier 2023",
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
]
}
CERTFR-2022-AVI-933
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris Cluster version 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21610",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21610"
},
{
"name": "CVE-2021-40690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40690"
},
{
"name": "CVE-2022-39417",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39417"
},
{
"name": "CVE-2022-39401",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-39401"
},
{
"name": "CVE-2022-23437",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23437"
},
{
"name": "CVE-2020-36518",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36518"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2022-29577",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29577"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-933",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2022 du 18 octobre 2022",
"url": "https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixSUNS"
}
]
}
CERTFR-2022-AVI-657
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle E-Business Suite. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle E-Business Suite versions 12.2.3 \u00e0 12.2.11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21566",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21566"
},
{
"name": "CVE-2022-21567",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21567"
},
{
"name": "CVE-2022-23305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23305"
},
{
"name": "CVE-2022-21568",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21568"
},
{
"name": "CVE-2022-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"
},
{
"name": "CVE-2022-21545",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21545"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-657",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle E-Business\nSuite. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte\n\u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle E-Business Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixEBS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#EBS"
}
]
}
CERTFR-2022-AVI-660
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-4115",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4115"
},
{
"name": "CVE-2020-29651",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29651"
},
{
"name": "CVE-2022-29824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29824"
},
{
"name": "CVE-2022-24801",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24801"
},
{
"name": "CVE-2022-21513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21513"
},
{
"name": "CVE-2022-21533",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21533"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2022-21563",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21563"
},
{
"name": "CVE-2022-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23308"
},
{
"name": "CVE-2022-21524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21524"
},
{
"name": "CVE-2022-21439",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21439"
},
{
"name": "CVE-2022-21514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21514"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-660",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022verbose du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2022 du 19 juillet 2022",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html#AppendixSUNS"
}
]
}
CERTFR-2022-AVI-482
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité a été découverte dans Oracle E-Business Suite. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle E-Business Suite versions 12.21 et 12.2 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21500",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21500"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-482",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-05-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle E-Business Suite. Elle\npermet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle E-Business Suite",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cve-2022-21500 du 19 mai 2022",
"url": "https://www.oracle.com/security-alerts/alert-cve-2022-21500.html"
}
]
}
CERTFR-2022-AVI-367
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle StorageTek ACSLS version 8.5.1 | ||
| Oracle | N/A | Oracle Ethernet Switch TOR-72 version 1.2.2 | ||
| Oracle | N/A | Oracle StorageTek Tape Analytics (STA) version 2.4 | ||
| Oracle | N/A | Oracle Ethernet Switch ES1-24 version 1.3.1 | ||
| Oracle | N/A | Oracle ZFS Storage Appliance Kit version 8.8 | ||
| Oracle | N/A | Oracle Solaris Cluster version 4 | ||
| Oracle | N/A | Oracle Solaris version 11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle StorageTek ACSLS version 8.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Ethernet Switch TOR-72 version 1.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle StorageTek Tape Analytics (STA) version 2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Ethernet Switch ES1-24 version 1.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris Cluster version 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-29425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29425"
},
{
"name": "CVE-2022-21446",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21446"
},
{
"name": "CVE-2019-17195",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17195"
},
{
"name": "CVE-2022-21416",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21416"
},
{
"name": "CVE-2020-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5421"
},
{
"name": "CVE-2021-2351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2022-21463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21463"
},
{
"name": "CVE-2020-6950",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6950"
},
{
"name": "CVE-2019-3740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2022-21461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21461"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2022-21494",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21494"
},
{
"name": "CVE-2020-11979",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11979"
},
{
"name": "CVE-2022-21493",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21493"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-367",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle verbose cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2022 du 19 avril 2022",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html#AppendixSUNS"
}
]
}
CERTFR-2022-AVI-055
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle VM VirtualBox. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle VM VirtualBox versions ant\u00e9rieures \u00e0 6.1.32",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21295"
},
{
"name": "CVE-2022-21394",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21394"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-055",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle VM\nVirtualBox. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle VM VirtualBox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html#AppendixOVIR"
}
]
}
CERTFR-2022-AVI-054
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP2410 et antérieures | ||
| Oracle | N/A | Oracle ZFS Storage Application Integration Engineering Software version 1.3.3 | ||
| Oracle | N/A | Oracle ZFS Storage Appliance Kit version 8.8 | ||
| Oracle | N/A | Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP3110 et antérieures | ||
| Oracle | N/A | Oracle Solaris versions 10 et 11 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP2410 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Application Integration Engineering Software version 1.3.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers versions XCP3110 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-43395",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43395"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2022-21375",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21375"
},
{
"name": "CVE-2020-8285",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
},
{
"name": "CVE-2022-21271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21271"
},
{
"name": "CVE-2021-2351",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2351"
},
{
"name": "CVE-2022-21298",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21298"
},
{
"name": "CVE-2022-21263",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21263"
},
{
"name": "CVE-2021-3326",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3326"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-13817",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13817"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-054",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2022.html du 18 janvier 2022",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
]
}
CERTFR-2021-AVI-802
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | Database Server | Oracle Database Server version 12.2.0.1 | ||
| Oracle | Database Server | Oracle Database Server version 19c | ||
| Oracle | Database Server | Oracle Database Server version 12.1.0.2 | ||
| Oracle | N/A | Oracle Application Express (CKEditor) versions antérieures à 21.1.0 | ||
| Oracle | Database Server | Oracle Database Server version 21c |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database Server version 12.2.0.1",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 19c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 12.1.0.2",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Express (CKEditor) versions ant\u00e9rieures \u00e0 21.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database Server version 21c",
"product": {
"name": "Database Server",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-35558",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35558"
},
{
"name": "CVE-2021-26272",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26272"
},
{
"name": "CVE-2021-35557",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35557"
},
{
"name": "CVE-2021-2332",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2332"
},
{
"name": "CVE-2021-25122",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25122"
},
{
"name": "CVE-2021-35576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35576"
},
{
"name": "CVE-2021-35599",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35599"
},
{
"name": "CVE-2021-35551",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35551"
},
{
"name": "CVE-2021-35619",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35619"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-802",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2021 du 19 octobre 2021",
"url": "https://www.oracle.com/security-alerts/cpuoct2021verbose.html#DB"
}
]
}
CERTFR-2021-AVI-805
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Ethernet Switch ES2-64 version 2.0.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Ethernet Switch ES2-72 version 2.0.0.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-35589",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35589"
},
{
"name": "CVE-2021-35549",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35549"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2021-35539",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35539"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-805",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Oracle\nSystems. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2021 du 19 octobre 2021",
"url": "https://www.oracle.com/security-alerts/cpuoct2021verbose.html#SUNS"
}
]
}
CERTFR-2021-AVI-295
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database 12.2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 18c",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 12.1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database 19c",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Application Express versions ant\u00e9rieures \u00e0 20.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-2234",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2234"
},
{
"name": "CVE-2021-2245",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2245"
},
{
"name": "CVE-2021-2175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2175"
},
{
"name": "CVE-2020-7760",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7760"
},
{
"name": "CVE-2021-2173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2173"
},
{
"name": "CVE-2019-3740",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3740"
},
{
"name": "CVE-2021-2207",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2207"
},
{
"name": "CVE-2020-5360",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-5360"
},
{
"name": "CVE-2020-17527",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-17527"
},
{
"name": "CVE-2020-11023",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-295",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Database cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#DB"
}
]
}
CERTFR-2021-AVI-299
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle ZFS Storage Appliance Kit versions 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris version 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-1472",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1472"
},
{
"name": "CVE-2021-2149",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2149"
},
{
"name": "CVE-2021-2192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2192"
},
{
"name": "CVE-2021-2167",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2167"
},
{
"name": "CVE-2021-2147",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2147"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-299",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle Systems cpuapr2021 du 20 avril 2021",
"url": "https://www.oracle.com/security-alerts/cpuapr2021verbose.html#SUNS"
}
]
}
CERTFR-2021-AVI-045
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "StorageTek Tape Analytics SW Tool version 2.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11984",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11984"
},
{
"name": "CVE-2020-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9488"
},
{
"name": "CVE-2021-1999",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1999"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-045",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-01-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2021 du 19 janvier 2021",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
}
]
}
CERTFR-2020-AVI-665
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Oracle ZFS Storage Appliance kit version 8.8 sans le dernier correctif de sécurité | ||
| Oracle | Systems | Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware antérieur à XCP2362 | ||
| Oracle | Systems | Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware antérieur à XCP3090 | ||
| Oracle | N/A | Oracle Solaris versions 10 et 11 sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle ZFS Storage Appliance kit version 8.8 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware ant\u00e9rieur \u00e0 XCP2362",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S de Oracle Systems de firmware ant\u00e9rieur \u00e0 XCP3090",
"product": {
"name": "Systems",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14759",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14759"
},
{
"name": "CVE-2020-3909",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3909"
},
{
"name": "CVE-2019-11477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
},
{
"name": "CVE-2020-14758",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14758"
},
{
"name": "CVE-2020-14754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14754"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2020-14818",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14818"
},
{
"name": "CVE-2018-3693",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3693"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-665",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-21T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2020 du 20 octobre 2020",
"url": "https://www.oracle.com/security-alerts/cpuoct2020verbose.html"
}
]
}
CERTFR-2020-AVI-436
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle ZFS Storage Appliance Kit 8.8 sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris 11.x sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-14724",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14724"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2019-5489",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5489"
},
{
"name": "CVE-2020-14542",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14542"
},
{
"name": "CVE-2020-14545",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14545"
},
{
"name": "CVE-2018-12207",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
},
{
"name": "CVE-2020-14537",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14537"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-436",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 d\u00e9taill\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2020 du 14 juillet 2020",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
]
}
CERTFR-2020-AVI-219
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Sun ZFS Storage Appliance Kit version 8.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "StorageTek Tape Analytics SW Tool version 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1165"
},
{
"name": "CVE-2020-2749",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2749"
},
{
"name": "CVE-2020-2851",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2851"
},
{
"name": "CVE-2019-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
},
{
"name": "CVE-2020-2927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2927"
},
{
"name": "CVE-2020-2771",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2771"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2020-2944",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2944"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-219",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020 du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2020verbose du 14 avril 2020",
"url": "https://www.oracle.com/security-alerts/cpuapr2020verbose.html#SUNS"
}
]
}
CERTFR-2020-AVI-037
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle VM Server for SPARC version 3.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Tape Library ACSLS, versions 8.5 et 8.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Sun ZFS Storage Appliance Kit version 8.8.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2578"
},
{
"name": "CVE-2019-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
},
{
"name": "CVE-2020-2696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2696"
},
{
"name": "CVE-2020-2565",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2565"
},
{
"name": "CVE-2019-11358",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11358"
},
{
"name": "CVE-2019-9636",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9636"
},
{
"name": "CVE-2018-15756",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15756"
},
{
"name": "CVE-2019-2725",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"
},
{
"name": "CVE-2020-2656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2656"
},
{
"name": "CVE-2020-2680",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2680"
},
{
"name": "CVE-2020-2571",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2571"
},
{
"name": "CVE-2020-2647",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2647"
},
{
"name": "CVE-2020-2558",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2558"
},
{
"name": "CVE-2019-9579",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9579"
},
{
"name": "CVE-2016-1000031",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1000031"
},
{
"name": "CVE-2020-2605",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2605"
},
{
"name": "CVE-2020-2664",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2664"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-037",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020verbose du 14 janvier 2020",
"url": "https://www.oracle.com/security-alerts/cpujan2020verbose.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2020 du 14 janvier 2020",
"url": "https://www.oracle.com/security-alerts/cpujan2020.html"
}
]
}
CERTFR-2019-AVI-510
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2, M12-2S Servers, versions ant\u00e9rieures \u00e0 XCP2361 et ant\u00e9rieures \u00e0 XCP3071",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-18066",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18066"
},
{
"name": "CVE-2019-3008",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3008"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2019-2961",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2961"
},
{
"name": "CVE-2015-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5180"
},
{
"name": "CVE-2019-3010",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3010"
},
{
"name": "CVE-2019-2765",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2765"
},
{
"name": "CVE-2018-7185",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7185"
},
{
"name": "CVE-2017-17558",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17558"
},
{
"name": "CVE-2018-12404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12404"
},
{
"name": "CVE-2018-0732",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0732"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-510",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixSUNS"
}
]
}
CERTFR-2019-AVI-507
Vulnerability from certfr_avis - Published: - Updated:
Une importante vulnérabilité a été découverte dans Oracle NoSQL Database. Elle permet à un attaquant non authentifié de compromettre à distance (via le protocole HTTP) une base de données Oracle NoSQL.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle NoSQL Database versions ant\u00e9rieures \u00e0 19.3.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-507",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une importante vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Oracle NoSQL\nDatabase. Elle permet \u00e0 un attaquant non authentifi\u00e9 de compromettre \u00e0\ndistance (via le protocole HTTP) une base de donn\u00e9es Oracle NoSQL.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Oracle NoSQL Database",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2019-5072832 du 15 octobre 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixNSQL"
}
]
}
CERTFR-2019-AVI-342
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tape Virtual Storage Manager GUI version 6.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Sun ZFS Storage Appliance Kit (AK) version 8.8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10, 11.3 et 11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "StorageTek Tape Analytics SW Tool version 2.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5598"
},
{
"name": "CVE-2019-2729",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2729"
},
{
"name": "CVE-2019-2832",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2832"
},
{
"name": "CVE-2019-2725",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2725"
},
{
"name": "CVE-2019-2788",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2788"
},
{
"name": "CVE-2019-2807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2807"
},
{
"name": "CVE-2019-5597",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-5597"
},
{
"name": "CVE-2019-2787",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2787"
},
{
"name": "CVE-2019-2820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2820"
},
{
"name": "CVE-2019-2804",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2804"
},
{
"name": "CVE-2019-2878",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2878"
},
{
"name": "CVE-2019-2844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2844"
},
{
"name": "CVE-2019-2838",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2838"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-342",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-07-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujul2019verbose-5072838-5072835 du 16 juillet 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019verbose-5072838.html#SUNS"
}
]
}
CERTFR-2019-AVI-176
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-2577",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2577"
},
{
"name": "CVE-2018-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
},
{
"name": "CVE-2019-2704",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2704"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-176",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019verbose-5072824 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019verbose-5072824.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuapr2019-5072813 du 16 avril 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
}
]
}
CERTFR-2019-AVI-023
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Tape Library ACSLS version 8.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Sun ZFS Storage Appliance Kit (AK) versions ant\u00e9rieures \u00e0 8.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Solaris versions 10 et 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-6913",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6913"
},
{
"name": "CVE-2017-1000456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000456"
},
{
"name": "CVE-2018-19628",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19628"
},
{
"name": "CVE-2018-19158",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19158"
},
{
"name": "CVE-2018-13988",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13988"
},
{
"name": "CVE-2017-14517",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14517"
},
{
"name": "CVE-2018-3282",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3282"
},
{
"name": "CVE-2016-0635",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0635"
},
{
"name": "CVE-2018-0739",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0739"
},
{
"name": "CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"name": "CVE-2018-9918",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9918"
},
{
"name": "CVE-2019-2545",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2545"
},
{
"name": "CVE-2019-2541",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2541"
},
{
"name": "CVE-2018-0734",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0734"
},
{
"name": "CVE-2019-2544",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2544"
},
{
"name": "CVE-2018-3247",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3247"
},
{
"name": "CVE-2018-1275",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1275"
},
{
"name": "CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"name": "CVE-2019-2543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2543"
},
{
"name": "CVE-2017-5645",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
},
{
"name": "CVE-2017-18267",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18267"
},
{
"name": "CVE-2019-2412",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2412"
},
{
"name": "CVE-2016-8705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8705"
},
{
"name": "CVE-2018-17183",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-17183"
},
{
"name": "CVE-2019-2437",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-2437"
},
{
"name": "CVE-2018-3646",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
},
{
"name": "CVE-2018-5407",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5407"
},
{
"name": "CVE-2018-3070",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3070"
},
{
"name": "CVE-2018-15909",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15909"
},
{
"name": "CVE-2018-11763",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11763"
}
],
"links": [],
"reference": "CERTFR-2019-AVI-023",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-01-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019-5072801 du 15 janvier 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html#AppendixSUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle bulletinjan2019-5251593 du 15 janvier 2019",
"url": "https://www.oracle.com/technetwork/topics/security/bulletinjan2019-5251593.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpujan2019verbose-5072807 du 15 janvier 2019",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019verbose-5072807.html#SUNS"
}
]
}
CERTFR-2018-AVI-494
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Database. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Oracle Database version 12.1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 11.2.0.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 18c",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Oracle Database version 12.2.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-3299",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3299"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2018-3259",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3259"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-494",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Database.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Database",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#DB"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
CERTFR-2018-AVI-496
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Oracle Sun Systems. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Oracle | N/A | Solaris version 11.4 | ||
| Oracle | N/A | Solaris version 10 | ||
| Oracle | N/A | Solaris version 11.3 | ||
| Oracle | N/A | Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2 et M12-2S antérieurs à XCP2352 ou XCP3050 | ||
| Oracle | N/A | Serveurs SPARC Enterprise M3000, M4000, M5000, M8000 et M9000 antérieurs à XCP1123 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solaris version 11.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris version 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Solaris version 11.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Serveurs Fujitsu M10-1, M10-4, M10-4S, M12-1, M12-2 et M12-2S ant\u00e9rieurs \u00e0 XCP2352 ou XCP3050",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
},
{
"description": "Serveurs SPARC Enterprise M3000, M4000, M5000, M8000 et M9000 ant\u00e9rieurs \u00e0 XCP1123",
"product": {
"name": "N/A",
"vendor": {
"name": "Oracle",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
},
{
"name": "CVE-2018-2922",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2922"
},
{
"name": "CVE-2018-3275",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3275"
},
{
"name": "CVE-2018-3264",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3264"
},
{
"name": "CVE-2016-5244",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5244"
},
{
"name": "CVE-2018-3267",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3267"
},
{
"name": "CVE-2018-3268",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3268"
},
{
"name": "CVE-2018-3270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3270"
},
{
"name": "CVE-2018-3273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3273"
},
{
"name": "CVE-2018-3172",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3172"
},
{
"name": "CVE-2018-3272",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3272"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2018-3274",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3274"
},
{
"name": "CVE-2018-3266",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3266"
},
{
"name": "CVE-2018-3269",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3269"
},
{
"name": "CVE-2015-6937",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6937"
},
{
"name": "CVE-2018-3265",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3265"
},
{
"name": "CVE-2018-3263",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3263"
},
{
"name": "CVE-2018-3271",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3271"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-496",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Oracle Sun Systems.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Oracle Sun Systems",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle cpuoct2018verbose du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018verbose-5170927.html#SUNS"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Oracle du 16 octobre 2018",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}