Vulnerability-Lookup

CVE-2015-3456 (GCVE-0-2015-3456)

Vulnerability from cvelistv5 – Published: 2015-05-13 18:00 – Updated: 2024-08-06 05:47

Summary

The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

49 references

URL	Tags
https://www.exploit-db.com/exploits/37053/	exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1032306	vdb-entryx_refsource_SECTRACK
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://kb.juniper.net/JSA10783	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3259	vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/201612-27	vendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2015-0999.html	vendor-advisoryx_refsource_REDHAT
https://kc.mcafee.com/corporate/index?page=conten…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-1001.html	vendor-advisoryx_refsource_REDHAT
http://marc.info/?l=bugtraq&m=143229451215900&w=2	vendor-advisoryx_refsource_HP
http://support.citrix.com/article/CTX201078	x_refsource_CONFIRM
http://xenbits.xen.org/xsa/advisory-133.html	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1003.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securitytracker.com/id/1032917	vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=143387998230996&w=2	vendor-advisoryx_refsource_HP
http://rhn.redhat.com/errata/RHSA-2015-0998.html	vendor-advisoryx_refsource_REDHAT
https://www.suse.com/security/cve/CVE-2015-3456.html	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
https://bto.bluecoat.com/security-advisory/sa95	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1004.html	vendor-advisoryx_refsource_REDHAT
http://venom.crowdstrike.com/	x_refsource_MISC
http://rhn.redhat.com/errata/RHSA-2015-1011.html	vendor-advisoryx_refsource_REDHAT
https://support.lenovo.com/us/en/product_security/venom	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3B…	x_refsource_CONFIRM
https://security.gentoo.org/glsa/201604-03	vendor-advisoryx_refsource_GENTOO
http://rhn.redhat.com/errata/RHSA-2015-1002.html	vendor-advisoryx_refsource_REDHAT
http://www.ubuntu.com/usn/USN-2608-1	vendor-advisoryx_refsource_UBUNTU
https://securityblog.redhat.com/2015/05/13/venom-…	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://kb.juniper.net/InfoCenter/index?page=conte…	x_refsource_CONFIRM
http://www.securitytracker.com/id/1032311	vdb-entryx_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=143229451215900&w=2	vendor-advisoryx_refsource_HP
http://www1.huawei.com/en/security/psirt/security…	x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3262	vendor-advisoryx_refsource_DEBIAN
https://security.gentoo.org/glsa/201602-01	vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/74640	vdb-entryx_refsource_BID
http://www.debian.org/security/2015/dsa-3274	vendor-advisoryx_refsource_DEBIAN
http://www.fortiguard.com/advisory/2015-05-19-cve…	x_refsource_CONFIRM
https://access.redhat.com/articles/1444903	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1000.html	vendor-advisoryx_refsource_REDHAT
https://www.arista.com/en/support/advisories-noti…	x_refsource_MISC

Date Public ?

2015-05-13 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:47:57.892Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "37053",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37053/"
          },
          {
            "name": "1032306",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032306"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
          },
          {
            "name": "SUSE-SU-2015:0889",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA10783"
          },
          {
            "name": "DSA-3259",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3259"
          },
          {
            "name": "SUSE-SU-2015:0929",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
          },
          {
            "name": "SUSE-SU-2015:0896",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
          },
          {
            "name": "GLSA-201612-27",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201612-27"
          },
          {
            "name": "RHSA-2015:0999",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
          },
          {
            "name": "SUSE-SU-2015:0923",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
          },
          {
            "name": "RHSA-2015:1001",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
          },
          {
            "name": "HPSBMU03336",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.citrix.com/article/CTX201078"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-133.html"
          },
          {
            "name": "RHSA-2015:1003",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
          },
          {
            "name": "openSUSE-SU-2015:0893",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
          },
          {
            "name": "1032917",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032917"
          },
          {
            "name": "HPSBMU03349",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
          },
          {
            "name": "RHSA-2015:0998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
          },
          {
            "name": "openSUSE-SU-2015:0894",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
          },
          {
            "name": "FEDORA-2015-8249",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa95"
          },
          {
            "name": "RHSA-2015:1004",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://venom.crowdstrike.com/"
          },
          {
            "name": "RHSA-2015:1011",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/venom"
          },
          {
            "name": "SUSE-SU-2015:0927",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
          },
          {
            "name": "GLSA-201604-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201604-03"
          },
          {
            "name": "RHSA-2015:1002",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
          },
          {
            "name": "USN-2608-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2608-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
          },
          {
            "name": "openSUSE-SU-2015:0983",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
          },
          {
            "name": "1032311",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032311"
          },
          {
            "name": "SSRT102076",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
          },
          {
            "name": "DSA-3262",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3262"
          },
          {
            "name": "GLSA-201602-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201602-01"
          },
          {
            "name": "openSUSE-SU-2015:1400",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
          },
          {
            "name": "74640",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74640"
          },
          {
            "name": "DSA-3274",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3274"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/articles/1444903"
          },
          {
            "name": "RHSA-2015:1000",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T16:32:45.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "37053",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37053/"
        },
        {
          "name": "1032306",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032306"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
        },
        {
          "name": "SUSE-SU-2015:0889",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.juniper.net/JSA10783"
        },
        {
          "name": "DSA-3259",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3259"
        },
        {
          "name": "SUSE-SU-2015:0929",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
        },
        {
          "name": "SUSE-SU-2015:0896",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
        },
        {
          "name": "GLSA-201612-27",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201612-27"
        },
        {
          "name": "RHSA-2015:0999",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
        },
        {
          "name": "SUSE-SU-2015:0923",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
        },
        {
          "name": "RHSA-2015:1001",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
        },
        {
          "name": "HPSBMU03336",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.citrix.com/article/CTX201078"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-133.html"
        },
        {
          "name": "RHSA-2015:1003",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
        },
        {
          "name": "openSUSE-SU-2015:0893",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
        },
        {
          "name": "1032917",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032917"
        },
        {
          "name": "HPSBMU03349",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
        },
        {
          "name": "RHSA-2015:0998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
        },
        {
          "name": "openSUSE-SU-2015:0894",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
        },
        {
          "name": "FEDORA-2015-8249",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bto.bluecoat.com/security-advisory/sa95"
        },
        {
          "name": "RHSA-2015:1004",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://venom.crowdstrike.com/"
        },
        {
          "name": "RHSA-2015:1011",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/venom"
        },
        {
          "name": "SUSE-SU-2015:0927",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c"
        },
        {
          "name": "GLSA-201604-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201604-03"
        },
        {
          "name": "RHSA-2015:1002",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
        },
        {
          "name": "USN-2608-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2608-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
        },
        {
          "name": "openSUSE-SU-2015:0983",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
        },
        {
          "name": "1032311",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032311"
        },
        {
          "name": "SSRT102076",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
        },
        {
          "name": "DSA-3262",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3262"
        },
        {
          "name": "GLSA-201602-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201602-01"
        },
        {
          "name": "openSUSE-SU-2015:1400",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
        },
        {
          "name": "74640",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74640"
        },
        {
          "name": "DSA-3274",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3274"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/articles/1444903"
        },
        {
          "name": "RHSA-2015:1000",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3456",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "37053",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/37053/"
            },
            {
              "name": "1032306",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032306"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
            },
            {
              "name": "SUSE-SU-2015:0889",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html"
            },
            {
              "name": "https://kb.juniper.net/JSA10783",
              "refsource": "CONFIRM",
              "url": "https://kb.juniper.net/JSA10783"
            },
            {
              "name": "DSA-3259",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3259"
            },
            {
              "name": "SUSE-SU-2015:0929",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html"
            },
            {
              "name": "SUSE-SU-2015:0896",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
            },
            {
              "name": "GLSA-201612-27",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201612-27"
            },
            {
              "name": "RHSA-2015:0999",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0999.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118"
            },
            {
              "name": "SUSE-SU-2015:0923",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html"
            },
            {
              "name": "RHSA-2015:1001",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1001.html"
            },
            {
              "name": "HPSBMU03336",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
            },
            {
              "name": "http://support.citrix.com/article/CTX201078",
              "refsource": "CONFIRM",
              "url": "http://support.citrix.com/article/CTX201078"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-133.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-133.html"
            },
            {
              "name": "RHSA-2015:1003",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1003.html"
            },
            {
              "name": "openSUSE-SU-2015:0893",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html"
            },
            {
              "name": "1032917",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032917"
            },
            {
              "name": "HPSBMU03349",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2"
            },
            {
              "name": "RHSA-2015:0998",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0998.html"
            },
            {
              "name": "https://www.suse.com/security/cve/CVE-2015-3456.html",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/security/cve/CVE-2015-3456.html"
            },
            {
              "name": "openSUSE-SU-2015:0894",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html"
            },
            {
              "name": "FEDORA-2015-8249",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa95",
              "refsource": "CONFIRM",
              "url": "https://bto.bluecoat.com/security-advisory/sa95"
            },
            {
              "name": "RHSA-2015:1004",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1004.html"
            },
            {
              "name": "http://venom.crowdstrike.com/",
              "refsource": "MISC",
              "url": "http://venom.crowdstrike.com/"
            },
            {
              "name": "RHSA-2015:1011",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1011.html"
            },
            {
              "name": "https://support.lenovo.com/us/en/product_security/venom",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/product_security/venom"
            },
            {
              "name": "SUSE-SU-2015:0927",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html"
            },
            {
              "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c",
              "refsource": "CONFIRM",
              "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e907746266721f305d67bc0718795fedee2e824c"
            },
            {
              "name": "GLSA-201604-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201604-03"
            },
            {
              "name": "RHSA-2015:1002",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1002.html"
            },
            {
              "name": "USN-2608-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2608-1"
            },
            {
              "name": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/",
              "refsource": "CONFIRM",
              "url": "https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/"
            },
            {
              "name": "openSUSE-SU-2015:0983",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html"
            },
            {
              "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693",
              "refsource": "CONFIRM",
              "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693"
            },
            {
              "name": "1032311",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032311"
            },
            {
              "name": "SSRT102076",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2"
            },
            {
              "name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm",
              "refsource": "CONFIRM",
              "url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm"
            },
            {
              "name": "DSA-3262",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3262"
            },
            {
              "name": "GLSA-201602-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201602-01"
            },
            {
              "name": "openSUSE-SU-2015:1400",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html"
            },
            {
              "name": "74640",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74640"
            },
            {
              "name": "DSA-3274",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3274"
            },
            {
              "name": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability"
            },
            {
              "name": "https://access.redhat.com/articles/1444903",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/articles/1444903"
            },
            {
              "name": "RHSA-2015:1000",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1000.html"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3456",
    "datePublished": "2015-05-13T18:00:00.000Z",
    "dateReserved": "2015-04-29T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:47:57.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2015-3456",
      "date": "2026-05-20",
      "epss": "0.32263",
      "percentile": "0.96901"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.3.0\", \"matchCriteriaId\": \"ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"105130E9-D48E-4FB8-A715-E6438EC7E744\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1802FDB8-C919-4D5E-A8AD-4C5B72525090\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B152EDF3-3140-4343-802F-F4F1C329F5C3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"31EC146C-A6F6-4C0D-AF87-685286262DAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9DAA72A4-AC7D-4544-89D4-5B07961D5A95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90CCECD0-C0F9-45A8-8699-64428637EBCA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.\"}, {\"lang\": \"es\", \"value\": \"Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegaci\\u00f3n de servicio (escritura fuera de rango y ca\\u00edda del invitado) o posiblemente ejecutar c\\u00f3digo arbitrario a trav\\u00e9s de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, tambi\\u00e9n conocido como VENOM.\"}]",
      "evaluatorComment": "Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker\u2019s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM",
      "id": "CVE-2015-3456",
      "lastModified": "2024-11-21T02:29:27.637",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 7.7, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 5.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-05-13T18:59:00.157",
      "references": "[{\"url\": \"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0998.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0999.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1001.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1002.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1003.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1004.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1011.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.citrix.com/article/CTX201078\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://venom.crowdstrike.com/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3259\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3262\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3274\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/74640\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032306\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032311\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id/1032917\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2608-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-133.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://access.redhat.com/articles/1444903\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa95\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kb.juniper.net/JSA10783\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201602-01\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201604-03\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://support.lenovo.com/us/en/product_security/venom\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/37053/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.suse.com/security/cve/CVE-2015-3456.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0998.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0999.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1002.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1003.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-1011.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.citrix.com/article/CTX201078\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://venom.crowdstrike.com/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3259\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3262\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/74640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032306\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032311\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1032917\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2608-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-133.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/articles/1444903\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bto.bluecoat.com/security-advisory/sa95\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kb.juniper.net/JSA10783\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201602-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201604-03\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201612-27\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.lenovo.com/us/en/product_security/venom\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/37053/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.suse.com/security/cve/CVE-2015-3456.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3456\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2015-05-13T18:59:00.157\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.\"},{\"lang\":\"es\",\"value\":\"Floppy Disk Controller (FDC) en QEMU, utilizado en Xen 4.5.x y anteriores y KVM, permite a usuarios locales invitados causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda del invitado) o posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, u otros comandos sin especificar, tambi\u00e9n conocido como VENOM.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":7.7,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":5.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.3.0\",\"matchCriteriaId\":\"ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:enterprise_virtualization:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"105130E9-D48E-4FB8-A715-E6438EC7E744\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1802FDB8-C919-4D5E-A8AD-4C5B72525090\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B152EDF3-3140-4343-802F-F4F1C329F5C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"31EC146C-A6F6-4C0D-AF87-685286262DAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openstack:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9DAA72A4-AC7D-4544-89D4-5B07961D5A95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90CCECD0-C0F9-45A8-8699-64428637EBCA\"}]}]}],\"references\":[{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0998.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0999.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1002.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1003.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1004.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1011.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.citrix.com/article/CTX201078\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://venom.crowdstrike.com/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3259\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3262\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3274\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/74640\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032306\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032311\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1032917\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2608-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-133.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/articles/1444903\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa95\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kb.juniper.net/JSA10783\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201602-01\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201604-03\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.lenovo.com/us/en/product_security/venom\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/37053/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.suse.com/security/cve/CVE-2015-3456.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=e907746266721f305d67bc0718795fedee2e824c\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158072.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00013.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00018.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-08/msg00021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143229451215900\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=143387998230996\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0998.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0999.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-1011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.citrix.com/article/CTX201078\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://venom.crowdstrike.com/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3259\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3262\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.fortiguard.com/advisory/2015-05-19-cve-2015-3456-venom-vulnerability\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/74640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032306\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032311\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032917\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2608-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-438937.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-133.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/articles/1444903\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bto.bluecoat.com/security-advisory/sa95\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kb.juniper.net/JSA10783\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201602-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201604-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201612-27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://securityblog.redhat.com/2015/05/13/venom-dont-get-bitten/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.lenovo.com/us/en/product_security/venom\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.arista.com/en/support/advisories-notices/security-advisories/1128-security-advisory-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/37053/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.suse.com/security/cve/CVE-2015-3456.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorComment\":\"Though the VENOM vulnerability is also agnostic of the guest operating system, an attacker (or an attacker\u2019s malware) would need to have administrative or root privileges in the guest operating system in order to exploit VENOM\"}}"
  }
}

CERTFR-2015-AVI-224

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Xen. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Xen sur x86

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-133 du 13 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eXen sur x86\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-224",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eXen\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-133 du 13 mai 2015",
      "url": "http://xenbits.xen.org/xsa/advisory-133.html"
    }
  ]
}

CERTFR-2015-AVI-231

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans les produits Oracle. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oravle VM versions 3.3 et antérieures
Oracle	N/A	Oracle Linux versions 7 et antérieures
Oracle	N/A	Oracle VirtualBox verions antérieures à 4.3.28

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 15 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oravle VM versions 3.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Linux versions 7 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VirtualBox verions ant\u00e9rieures \u00e0 4.3.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 15 mai 2015",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html"
    }
  ]
}

CERTFR-2015-AVI-232

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans BlueCoat XOS. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

BlueCoat XOS version antérieures à 11.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité BlueCoat SA95 du 15 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBlueCoat XOS version ant\u00e9rieures \u00e0 11.0\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-232",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eBlueCoat\nXOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BlueCoat XOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlueCoat SA95 du 15 mai 2015",
      "url": "https://bto.bluecoat.com/security-advisory/sa95"
    }
  ]
}

CERTFR-2015-AVI-286

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une élévation de privilèges.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	SRX Network Security Daemon
N/A	N/A	Junos OS avec J-Web activé
Juniper Networks	Junos OS	Junos OS 12.1X46-D15 et versions ultérieures
N/A	N/A	CTPView version 7.1R1

References

Title

Publication Time

Tags

Référence CVE CVE-2015-3456	-	other
Référence CVE CVE-2015-3007	-	other
Référence CVE CVE-2014-6447	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5359	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015 http://	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5360	-	other
Référence CVE CVE-2015-5363	-	other
Référence CVE CVE-2015-5358	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5362	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2014-0226	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5357	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SRX Network Security Daemon",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS 12.1X46-D15 et versions ult\u00e9rieures",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView version 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "name": "CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "name": "CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "name": "CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "name": "CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "name": "CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "name": "CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "name": "CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10684\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10692\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015      http://",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10688\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10690\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10687\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10686\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10685\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2015-AVI-286",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": []
}

CERTFR-2017-AVI-111

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Juniper EX Series avec IPv6
Juniper Networks	Junos OS	Junos OS versions 15.1 et postérieures avec BGP
Juniper Networks	N/A	NorthStar Controller Application antérieures à la version 2.1.0 SP1
Juniper Networks	Junos OS	Junos OS
Juniper Networks	N/A	Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif

References

Title

Publication Time

Tags

Bulletin de sécurité JSA10776 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10778 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10781 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10785 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10780 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10783 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10786 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10777 Juniper du 12 avril 2017	None	vendor-advisory
Bulletin de sécurité JSA10784 Juniper du 12 avril 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper EX Series avec IPv6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions 15.1 et post\u00e9rieures avec BGP",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "NorthStar Controller Application ant\u00e9rieures \u00e0 la version 2.1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper SRX, vSRX et J-Series avec le serveur DNS Proxy actif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-9310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9310"
    },
    {
      "name": "CVE-2017-2322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2322"
    },
    {
      "name": "CVE-2015-7973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7973"
    },
    {
      "name": "CVE-2017-2316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2316"
    },
    {
      "name": "CVE-2017-2328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2328"
    },
    {
      "name": "CVE-2016-9131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9131"
    },
    {
      "name": "CVE-2015-1349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1349"
    },
    {
      "name": "CVE-2017-2333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2333"
    },
    {
      "name": "CVE-2015-5477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5477"
    },
    {
      "name": "CVE-2015-8158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8158"
    },
    {
      "name": "CVE-2015-2808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-2808"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2016-7429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7429"
    },
    {
      "name": "CVE-2017-2319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2319"
    },
    {
      "name": "CVE-2013-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4450"
    },
    {
      "name": "CVE-2016-1886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1886"
    },
    {
      "name": "CVE-2016-9311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9311"
    },
    {
      "name": "CVE-2015-8138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8138"
    },
    {
      "name": "CVE-2017-2334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2334"
    },
    {
      "name": "CVE-2017-2332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2332"
    },
    {
      "name": "CVE-2017-2340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2340"
    },
    {
      "name": "CVE-2017-2325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2325"
    },
    {
      "name": "CVE-2015-4620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4620"
    },
    {
      "name": "CVE-2017-2329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2329"
    },
    {
      "name": "CVE-2017-2318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2318"
    },
    {
      "name": "CVE-2017-2320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2320"
    },
    {
      "name": "CVE-2015-8104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8104"
    },
    {
      "name": "CVE-2016-7427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7427"
    },
    {
      "name": "CVE-2017-2330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2330"
    },
    {
      "name": "CVE-2017-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2324"
    },
    {
      "name": "CVE-2017-2317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2317"
    },
    {
      "name": "CVE-2016-1014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1014"
    },
    {
      "name": "CVE-2016-2776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2776"
    },
    {
      "name": "CVE-2015-7979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7979"
    },
    {
      "name": "CVE-2015-3209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
    },
    {
      "name": "CVE-2017-2331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2331"
    },
    {
      "name": "CVE-2017-2326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2326"
    },
    {
      "name": "CVE-2017-2315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2315"
    },
    {
      "name": "CVE-2016-7431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7431"
    },
    {
      "name": "CVE-2017-2313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2313"
    },
    {
      "name": "CVE-2017-2323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2323"
    },
    {
      "name": "CVE-2016-9147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9147"
    },
    {
      "name": "CVE-2017-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2327"
    },
    {
      "name": "CVE-2015-5307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5307"
    },
    {
      "name": "CVE-2016-8864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8864"
    },
    {
      "name": "CVE-2017-2321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2321"
    },
    {
      "name": "CVE-2017-2312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2312"
    },
    {
      "name": "CVE-2016-9444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9444"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, une ex\u00e9cution de code arbitraire et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10776 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10776\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10778 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10778\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10781 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10781\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10785 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10785\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10780 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10780\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10783 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10783\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10786 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10786\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10777 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10777\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 JSA10784 Juniper du 12 avril 2017",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10784\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2019-AVI-636

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans Juniper EX et QFX. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Juniper Networks	Junos OS	QFX5100 et QFX10002 avec Junos OS versions antérieures à 13.2X51-D40 (bientôt disponible) ou 14.1X53-D30 (bientôt disponible)
	Juniper Networks	Junos OS	EX4600 avec Junos OS versions antérieures à 13.2X51-D40 (bientôt disponible) ou 14.1X53-D30 (bientôt disponible)

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA10693 du 17 décembre 2019

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QFX5100 et QFX10002 avec Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D40 (bient\u00f4t disponible) ou 14.1X53-D30 (bient\u00f4t disponible)",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "EX4600 avec Junos OS versions ant\u00e9rieures \u00e0 13.2X51-D40 (bient\u00f4t disponible) ou 14.1X53-D30 (bient\u00f4t disponible)",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-636",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-12-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Juniper EX et QFX. Elle permet \u00e0\nun attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Juniper EX et QFX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10693 du 17 d\u00e9cembre 2019",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2015-AVI-224

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans Xen. Elle permet à un attaquant de provoquer une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Xen sur x86

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-133 du 13 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eXen sur x86\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-224",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eXen\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-133 du 13 mai 2015",
      "url": "http://xenbits.xen.org/xsa/advisory-133.html"
    }
  ]
}

CERTFR-2015-AVI-231

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans les produits Oracle. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oravle VM versions 3.3 et antérieures
Oracle	N/A	Oracle Linux versions 7 et antérieures
Oracle	N/A	Oracle VirtualBox verions antérieures à 4.3.28

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle du 15 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oravle VM versions 3.3 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Linux versions 7 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle VirtualBox verions ant\u00e9rieures \u00e0 4.3.28",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-231",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle du 15 mai 2015",
      "url": "http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html"
    }
  ]
}

CERTFR-2015-AVI-232

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans BlueCoat XOS. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

BlueCoat XOS version antérieures à 11.0

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité BlueCoat SA95 du 15 mai 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eBlueCoat XOS version ant\u00e9rieures \u00e0 11.0\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    }
  ],
  "links": [],
  "reference": "CERTFR-2015-AVI-232",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-05-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eBlueCoat\nXOS\u003c/span\u003e. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans BlueCoat XOS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 BlueCoat SA95 du 15 mai 2015",
      "url": "https://bto.bluecoat.com/security-advisory/sa95"
    }
  ]
}

CERTFR-2015-AVI-286

Vulnerability from certfr_avis - Published: - Updated:

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
ESET	Security	SRX Network Security Daemon
N/A	N/A	Junos OS avec J-Web activé
Juniper Networks	Junos OS	Junos OS 12.1X46-D15 et versions ultérieures
N/A	N/A	CTPView version 7.1R1

References

Title

Publication Time

Tags

Référence CVE CVE-2015-3456	-	other
Référence CVE CVE-2015-3007	-	other
Référence CVE CVE-2014-6447	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5359	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015 http://	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5360	-	other
Référence CVE CVE-2015-5363	-	other
Référence CVE CVE-2015-5358	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5362	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2014-0226	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Référence CVE CVE-2015-5357	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other
Bulletin de sécurité Juniper du 09 juillet 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SRX Network Security Daemon",
      "product": {
        "name": "Security",
        "vendor": {
          "name": "ESET",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS avec J-Web activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS 12.1X46-D15 et versions ult\u00e9rieures",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPView version 7.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "name": "CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "name": "CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "name": "CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "name": "CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "name": "CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "name": "CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "name": "CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "name": "CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "name": "CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3456"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-3007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3007"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-6447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-6447"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10684\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10692\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5359"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10693\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015      http://",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10682\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10688\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5360"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5363"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5358"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10690\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5362",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5362"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2014-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-0226"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10687\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2015-5357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5357"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10686\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper du 09 juillet 2015",
      "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10685\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ],
  "reference": "CERTFR-2015-AVI-286",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une \u00e9l\u00e9vation de\nprivil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3456 (GCVE-0-2015-3456)

Solution

Solution

Solution

Contournement provisoire

Solution

Solution

Solution

Solution

Solution

Contournement provisoire

Tags

Sightings

Nomenclature