Vulnerability-Lookup

CVE-2010-0405 (GCVE-0-2010-0405)

Vulnerability from cvelistv5 – Published: 2010-09-28 17:00 – Updated: 2024-08-07 00:45

Summary

Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

35 references

URL	Tags
http://www.ubuntu.com/usn/USN-986-3	vendor-advisoryx_refsource_UBUNTU
http://git.clamav.net/gitweb?p=clamav-devel.git%3…	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.ubuntu.com/usn/usn-986-1	vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-986-2	vendor-advisoryx_refsource_UBUNTU
http://secunia.com/advisories/41452	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/42404	third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/48378	third-party-advisoryx_refsource_SECUNIA
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3073	vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/2455	vdb-entryx_refsource_VUPEN
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://secunia.com/advisories/42530	third-party-advisoryx_refsource_SECUNIA
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231	x_refsource_CONFIRM
http://marc.info/?l=oss-security&m=128506868510655&w=2	mailing-listx_refsource_MLIST
http://secunia.com/advisories/42529	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/archive/1/515055/100…	mailing-listx_refsource_BUGTRAQ
http://secunia.com/advisories/41505	third-party-advisoryx_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3052	vdb-entryx_refsource_VUPEN
http://www.redhat.com/support/errata/RHSA-2010-07…	vendor-advisoryx_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2010-08…	vendor-advisoryx_refsource_REDHAT
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://blogs.sun.com/security/entry/cve_2010_0405…	x_refsource_CONFIRM
http://secunia.com/advisories/42405	third-party-advisoryx_refsource_SECUNIA
http://xorl.wordpress.com/2010/09/21/cve-2010-040…	x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=627882	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3126	vdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-201301-05.xml	vendor-advisoryx_refsource_GENTOO
http://www.vmware.com/security/advisories/VMSA-20…	x_refsource_CONFIRM
http://www.bzip.org/	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/3127	vdb-entryx_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/3043	vdb-entryx_refsource_VUPEN
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://secunia.com/advisories/42350	third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT4581	x_refsource_CONFIRM

Date Public ?

2010-09-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:45:12.275Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "USN-986-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-986-3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
          },
          {
            "name": "FEDORA-2010-17439",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
          },
          {
            "name": "USN-986-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-986-1"
          },
          {
            "name": "USN-986-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-986-2"
          },
          {
            "name": "41452",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41452"
          },
          {
            "name": "42404",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42404"
          },
          {
            "name": "48378",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48378"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
          },
          {
            "name": "ADV-2010-3073",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3073"
          },
          {
            "name": "ADV-2010-2455",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2455"
          },
          {
            "name": "APPLE-SA-2011-03-21-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
          },
          {
            "name": "42530",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
          },
          {
            "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
          },
          {
            "name": "42529",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42529"
          },
          {
            "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
          },
          {
            "name": "41505",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41505"
          },
          {
            "name": "ADV-2010-3052",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3052"
          },
          {
            "name": "RHSA-2010:0703",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
          },
          {
            "name": "RHSA-2010:0858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
          },
          {
            "name": "FEDORA-2010-1512",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
          },
          {
            "name": "42405",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42405"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
          },
          {
            "name": "ADV-2010-3126",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3126"
          },
          {
            "name": "GLSA-201301-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.bzip.org/"
          },
          {
            "name": "ADV-2010-3127",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3127"
          },
          {
            "name": "ADV-2010-3043",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3043"
          },
          {
            "name": "SUSE-SR:2010:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
          },
          {
            "name": "42350",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/42350"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4581"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-09-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "USN-986-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-986-3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3"
        },
        {
          "name": "FEDORA-2010-17439",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
        },
        {
          "name": "USN-986-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-986-1"
        },
        {
          "name": "USN-986-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-986-2"
        },
        {
          "name": "41452",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41452"
        },
        {
          "name": "42404",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42404"
        },
        {
          "name": "48378",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48378"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
        },
        {
          "name": "ADV-2010-3073",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3073"
        },
        {
          "name": "ADV-2010-2455",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2455"
        },
        {
          "name": "APPLE-SA-2011-03-21-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
        },
        {
          "name": "42530",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
        },
        {
          "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
        },
        {
          "name": "42529",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42529"
        },
        {
          "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
        },
        {
          "name": "41505",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41505"
        },
        {
          "name": "ADV-2010-3052",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3052"
        },
        {
          "name": "RHSA-2010:0703",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
        },
        {
          "name": "RHSA-2010:0858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
        },
        {
          "name": "FEDORA-2010-1512",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
        },
        {
          "name": "42405",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42405"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
        },
        {
          "name": "ADV-2010-3126",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3126"
        },
        {
          "name": "GLSA-201301-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.bzip.org/"
        },
        {
          "name": "ADV-2010-3127",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3127"
        },
        {
          "name": "ADV-2010-3043",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3043"
        },
        {
          "name": "SUSE-SR:2010:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
        },
        {
          "name": "42350",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/42350"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4581"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-0405",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "USN-986-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-986-3"
            },
            {
              "name": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3",
              "refsource": "CONFIRM",
              "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3"
            },
            {
              "name": "FEDORA-2010-17439",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html"
            },
            {
              "name": "USN-986-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-986-1"
            },
            {
              "name": "USN-986-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-986-2"
            },
            {
              "name": "41452",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41452"
            },
            {
              "name": "42404",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42404"
            },
            {
              "name": "48378",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48378"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230",
              "refsource": "CONFIRM",
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230"
            },
            {
              "name": "ADV-2010-3073",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3073"
            },
            {
              "name": "ADV-2010-2455",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2455"
            },
            {
              "name": "APPLE-SA-2011-03-21-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html"
            },
            {
              "name": "42530",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42530"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231",
              "refsource": "CONFIRM",
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231"
            },
            {
              "name": "[oss-security] 20100921 bzip2 CVE-2010-0405 integer overflow",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2"
            },
            {
              "name": "42529",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42529"
            },
            {
              "name": "20101207 VMSA-2010-0019 VMware ESX third party updates for Service Console",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/515055/100/0/threaded"
            },
            {
              "name": "41505",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41505"
            },
            {
              "name": "ADV-2010-3052",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3052"
            },
            {
              "name": "RHSA-2010:0703",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0703.html"
            },
            {
              "name": "RHSA-2010:0858",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2010-0858.html"
            },
            {
              "name": "FEDORA-2010-1512",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html"
            },
            {
              "name": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow",
              "refsource": "CONFIRM",
              "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
            },
            {
              "name": "42405",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42405"
            },
            {
              "name": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/",
              "refsource": "CONFIRM",
              "url": "http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=627882",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=627882"
            },
            {
              "name": "ADV-2010-3126",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3126"
            },
            {
              "name": "GLSA-201301-05",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-201301-05.xml"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
            },
            {
              "name": "http://www.bzip.org/",
              "refsource": "CONFIRM",
              "url": "http://www.bzip.org/"
            },
            {
              "name": "ADV-2010-3127",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3127"
            },
            {
              "name": "ADV-2010-3043",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3043"
            },
            {
              "name": "SUSE-SR:2010:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
            },
            {
              "name": "42350",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/42350"
            },
            {
              "name": "http://support.apple.com/kb/HT4581",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4581"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-0405",
    "datePublished": "2010-09-28T17:00:00.000Z",
    "dateReserved": "2010-01-27T00:00:00.000Z",
    "dateUpdated": "2024-08-07T00:45:12.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2010-0405",
      "date": "2026-05-19",
      "epss": "0.07688",
      "percentile": "0.91992"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5\", \"matchCriteriaId\": \"9EDE642C-0199-43BD-8A86-4C01950D3D12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3852E705-516A-4A5E-8095-93DCF8DB15DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"325C63C7-740D-42E1-B8B1-51125DE57F61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"550690C7-32D0-4126-B272-D2254A2EF434\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DFE746CF-6890-4259-A9DB-5F77B592D1E9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6C95FE39-842A-45D1-A858-D438C0C15B99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"124E0E58-A7B3-4B3E-BEAD-76073A75A0DE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F2C4072-C19D-45E0-9662-030F39BD2295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E1466AE9-B7E0-449C-BD25-54009833ED93\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC309293-C48A-4931-9A81-359966C6BB40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D54DD36D-7A6C-4649-855A-D81F29FFB6C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5FE3BFE7-75B6-4284-9EDC-78D452CD9174\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E3992967-645A-45E1-979E-6866B50AA642\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"980AE5B2-11A7-4672-B221-DF660F20667F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DC33019-390A-428F-B119-139CA5949AE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B10B3BF9-BE42-468D-89E8-8D4A5FEDC734\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E55F00B1-D48B-40A6-872F-959598D7E6E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C02B0664-E473-4131-8228-96BB5FBC4F7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85E9A082-C20B-4BD7-8562-5E391F0205F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.0.5\", \"matchCriteriaId\": \"CE5990D0-499C-417F-B8C0-4DE8D5253EFD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de enteros en la funci\\u00f3n BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegaci\\u00f3n de servicio (ca\\u00edda aplicaci\\u00f3n) o probablemente ejecutar c\\u00f3digo de su elecci\\u00f3n a trav\\u00e9s de ficheros comprimidos manipulados. \\r\\n\\r\\n\"}]",
      "id": "CVE-2010-0405",
      "lastModified": "2024-11-21T01:12:09.127",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2010-09-28T18:00:02.340",
      "references": "[{\"url\": \"http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/41452\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/41505\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42350\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42404\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42405\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42529\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/42530\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/48378\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201301-05.xml\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://support.apple.com/kb/HT4581\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.bzip.org/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0703.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0858.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/515055/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-986-2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-986-3\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-986-1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2455\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3043\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3052\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3073\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3126\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3127\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=627882\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/41452\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/41505\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42350\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42404\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42405\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/42530\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/48378\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.gentoo.org/glsa/glsa-201301-05.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://support.apple.com/kb/HT4581\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.bzip.org/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0703.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2010-0858.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/515055/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-986-2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-986-3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/usn-986-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/2455\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3043\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3052\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3073\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3126\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2010/3127\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=627882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0405\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2010-09-28T18:00:02.340\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de enteros en la funci\u00f3n BZ2_decompress en decompress.c en bzip2 y libbzip2 anterior v1.0.6 permite a atacantes dependientes del contexto causar una denegaci\u00f3n de servicio (ca\u00edda aplicaci\u00f3n) o probablemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de ficheros comprimidos manipulados. \\r\\n\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"9EDE642C-0199-43BD-8A86-4C01950D3D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3852E705-516A-4A5E-8095-93DCF8DB15DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"325C63C7-740D-42E1-B8B1-51125DE57F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.0a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"550690C7-32D0-4126-B272-D2254A2EF434\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.0b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFE746CF-6890-4259-A9DB-5F77B592D1E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.0c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C95FE39-842A-45D1-A858-D438C0C15B99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"124E0E58-A7B3-4B3E-BEAD-76073A75A0DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F2C4072-C19D-45E0-9662-030F39BD2295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E1466AE9-B7E0-449C-BD25-54009833ED93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC309293-C48A-4931-9A81-359966C6BB40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8AD6CE9-FCE5-4926-A1D1-0706DFE4A6D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54DD36D-7A6C-4649-855A-D81F29FFB6C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B87D623-6CF8-4BDB-A9FB-CF07589AF1CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9.5d:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5FE3BFE7-75B6-4284-9EDC-78D452CD9174\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3992967-645A-45E1-979E-6866B50AA642\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"980AE5B2-11A7-4672-B221-DF660F20667F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DC33019-390A-428F-B119-139CA5949AE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B10B3BF9-BE42-468D-89E8-8D4A5FEDC734\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E55F00B1-D48B-40A6-872F-959598D7E6E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB5DBC5B-C1C4-487E-B40D-8925FDA13D1E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C02B0664-E473-4131-8228-96BB5FBC4F7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bzip:bzip2:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85E9A082-C20B-4BD7-8562-5E391F0205F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libzip2:libzip2:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.5\",\"matchCriteriaId\":\"CE5990D0-499C-417F-B8C0-4DE8D5253EFD\"}]}]}],\"references\":[{\"url\":\"http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/41452\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/41505\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42350\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42404\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42405\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42529\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/42530\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/48378\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201301-05.xml\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.apple.com/kb/HT4581\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.bzip.org/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0703.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0858.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/515055/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-986-2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/USN-986-3\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.ubuntu.com/usn/usn-986-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2455\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3043\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3052\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3073\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3126\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3127\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=627882\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051278.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051366.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=oss-security\u0026m=128506868510655\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/41452\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/41505\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42404\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42405\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/42530\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/48378\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-201301-05.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4581\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.bzip.org/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0703.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2010-0858.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/515055/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-986-2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-986-3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-986-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0019.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/2455\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3043\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3052\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/3127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xorl.wordpress.com/2010/09/21/cve-2010-0405-bzip2-integer-overflow/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=627882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2230\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2231\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2010-AVI-449

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans bzip2 permet à un utilisateur malveillant de provoquer un déni de service à distance.

Description

Un débordement d'entier dans la fonction de décompression est exploitable par un utilisateur malveillant pour provoquer un déni de service à distance par la soumission d'un fichier compressé spécialement conçu.

La possibilité d'exécuter du code arbitraire à distance est suspectée, mais non démontrée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

bzip2, version 1.0.5 et versions précédentes.

Les logiciels utilisant le code vulnérable sont concernés (liste non exhaustive) :

Clamav, version 0.96.2 et versions précédentes ;
FreeBSD, branches 6, 7 et8.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du projet bzip du 20 septembre 2010	None	vendor-advisory
Changements dans la version ClamAV 0.96.3 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-3 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0703-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-2 du 20 septembre 2010 :	-	other
Bulletin de sécurité Debian DSA-2112-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité Sun du 26 novembre 2010 :	-	other
Bulletin de sécurité FreeBSD-SA-10:08 du 20 septembre 2010 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2010:018 du 06 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ebzip2, version 1.0.5 et versions pr\u00e9c\u00e9dentes.\u003c/P\u003e  \u003cP\u003eLes logiciels utilisant le code vuln\u00e9rable sont concern\u00e9s  (liste non exhaustive)\u0026nbsp;:\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eClamav, version 0.96.2 et versions pr\u00e9c\u00e9dentes ;\u003c/LI\u003e    \u003cLI\u003eFreeBSD, branches 6, 7 et8.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUn d\u00e9bordement d\u0027entier dans la fonction de d\u00e9compression est\nexploitable par un utilisateur malveillant pour provoquer un d\u00e9ni de\nservice \u00e0 distance par la soumission d\u0027un fichier compress\u00e9 sp\u00e9cialement\ncon\u00e7u.\n\nLa possibilit\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance est suspect\u00e9e,\nmais non d\u00e9montr\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    }
  ],
  "links": [
    {
      "title": "Changements dans la version ClamAV 0.96.3 du 20 septembre    2010 :",
      "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-3 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-1 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0703-1 du 20    septembre 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0703.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-2 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-2112-1 du 20 septembre 2010    :",
      "url": "http://www.debian.org/security/2010/dsa-2112"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 26 novembre 2010 :",
      "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD-SA-10:08 du 20 septembre 2010    :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2010:018 du 06 octobre    2010 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
    }
  ],
  "reference": "CERTA-2010-AVI-449",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-09-22T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins des distibutions Debian, RedHat, Sun, Suse et Ubuntu.",
      "revision_date": "2010-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans bzip2 permet \u00e0 un utilisateur malveillant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans bzip2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du projet bzip du 20 septembre 2010",
      "url": "http://www.bzip.org/index.html"
    }
  ]
}

CERTA-2010-AVI-583

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

Samba est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant distant de provoquer un déni de service et potentiellement de l'exécution de code arbitraire (CVE-2010-3069) ;
bzip2 est mis à jour pour corriger une vulnérabilité permettant à un attaquant d'exécuter du code arbitraire à l'aide d'un fichier spécialement conçu (CVE-2010-0405) ;
OpenSSL est mis à jour pour corriger plusieurs vulnérabilités permettant de contourner la politique de sécurité (CVE-2009-0590, CVE-2009-2409 et CVE-2009-355).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX 3.x Console OS (COS).
	VMware	N/A	VMware ESX 4.x Console OS (COS) ;

References

Title

Publication Time

Tags

Avis de sécurité VMware VMSA-2010-0019 du 07 décembre 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0019 du 07 décembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.x Console OS (COS).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.x Console OS (COS) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   Samba est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    utilisateur malveillant distant de provoquer un d\u00e9ni de service et\n    potentiellement de l\u0027ex\u00e9cution de code arbitraire (CVE-2010-3069) ;\n-   bzip2 est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 l\u0027aide d\u0027un fichier\n    sp\u00e9cialement con\u00e7u (CVE-2010-0405) ;\n-   OpenSSL est mis \u00e0 jour pour corriger plusieurs vuln\u00e9rabilit\u00e9s\n    permettant de contourner la politique de s\u00e9curit\u00e9 (CVE-2009-0590,\n    CVE-2009-2409 et CVE-2009-355).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre    2010 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    }
  ],
  "reference": "CERTA-2010-AVI-583",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\nVMware ESX Console OS ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre 2010",
      "url": null
    }
  ]
}

CERTA-2011-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

Airport ;
AppleScript ;
ATS ;
CarbonCore ;
CoreText ;
File Quarantine ;
HFS ;
ImageIO ;
ImageRaw ;
Installer ;
Kernel ;
Libinfo ;
Libxml ;
QuickLook ;
QuickTime ;
Terminal.

Cette mise à jour corrige également un grand nombre de vulnérabilités dans des logiciels inclus au système d'exploitation comme Apache, ClamAV, Kerberos, Mailman, PHP, Ruby, Samba, Subversion et X11. Parmi les failles corrigées, certaines permettent l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4581 du 21 mars 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment :\n\n-   Airport ;\n-   AppleScript ;\n-   ATS ;\n-   CarbonCore ;\n-   CoreText ;\n-   File Quarantine ;\n-   HFS ;\n-   ImageIO ;\n-   ImageRaw ;\n-   Installer ;\n-   Kernel ;\n-   Libinfo ;\n-   Libxml ;\n-   QuickLook ;\n-   QuickTime ;\n-   Terminal.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache,\nClamAV, Kerberos, Mailman, PHP, Ruby, Samba, Subversion et X11. Parmi\nles failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0170"
    },
    {
      "name": "CVE-2010-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3089"
    },
    {
      "name": "CVE-2010-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2010-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
    },
    {
      "name": "CVE-2010-4020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4020"
    },
    {
      "name": "CVE-2011-0172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0172"
    },
    {
      "name": "CVE-2011-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0181"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2010-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
    },
    {
      "name": "CVE-2011-0183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0183"
    },
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2011-0182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0182"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2010-4021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4021"
    },
    {
      "name": "CVE-2011-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0173"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2010-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2950"
    },
    {
      "name": "CVE-2011-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0191"
    },
    {
      "name": "CVE-2011-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0186"
    },
    {
      "name": "CVE-2011-0178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0178"
    },
    {
      "name": "CVE-2010-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3802"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0190"
    },
    {
      "name": "CVE-2011-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1417"
    },
    {
      "name": "CVE-2010-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3801"
    },
    {
      "name": "CVE-2010-4479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4479"
    },
    {
      "name": "CVE-2011-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3855"
    },
    {
      "name": "CVE-2011-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0180"
    },
    {
      "name": "CVE-2010-1324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1324"
    },
    {
      "name": "CVE-2011-0174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0174"
    },
    {
      "name": "CVE-2011-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0189"
    },
    {
      "name": "CVE-2006-7243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
    },
    {
      "name": "CVE-2010-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4261"
    },
    {
      "name": "CVE-2010-3434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3434"
    },
    {
      "name": "CVE-2010-4260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4260"
    },
    {
      "name": "CVE-2010-3315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3315"
    },
    {
      "name": "CVE-2011-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0184"
    },
    {
      "name": "CVE-2011-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0179"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0177"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0194"
    },
    {
      "name": "CVE-2011-0175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0175"
    },
    {
      "name": "CVE-2010-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
    },
    {
      "name": "CVE-2011-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0193"
    },
    {
      "name": "CVE-2011-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0176"
    },
    {
      "name": "CVE-2010-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4009"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-162",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4581 du 21 mars 2011",
      "url": "http://support.apple.com/kb/HT4581"
    }
  ]
}

CERTA-2012-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware, dont l'exploitation permet jusqu'à l'exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été corrigées dans les produits VMware. Certaines affectent Oracle Java et peuvent conduire à une prise de contrôle à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware vCenter version 5.0 ;

VMware vCenter Orchestrator 4.2 ;

VMware vShield Manager 4.1 ;

VMWare Update Manager 5.0 ;

VMware ESXi version 5.0 ;

VMware ESXi version 4.1 ;

VMware ESXi version 3.5 ;

VMware ESX version 4.1 ;

VMware ESX version 3.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité VMSA-2012-0004 et VMSA-2012-0005	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0004 du 15 mars 2012 :	-	other
Bulletin de sécurité VMware VMSA-2012-0005 du 15 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVMware vCenter version 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware vCenter Orchestrator 4.2 ;\u003c/P\u003e  \u003cP\u003eVMware vShield Manager 4.1 ;\u003c/P\u003e  \u003cP\u003eVMWare Update Manager 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 4.1 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 3.5 ;\u003c/P\u003e  \u003cP\u003eVMware ESX version 4.1 ;\u003c/P\u003e  \u003cP\u003eVMware ESX version 3.5.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMware.\nCertaines affectent Oracle Java et peuvent conduire \u00e0 une prise de\ncontr\u00f4le \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1511"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2012-1509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1509"
    },
    {
      "name": "CVE-2012-1510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1510"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2012-1513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1513"
    },
    {
      "name": "CVE-2012-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0022"
    },
    {
      "name": "CVE-2012-1512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1512"
    },
    {
      "name": "CVE-2012-1514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1514"
    },
    {
      "name": "CVE-2011-3375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3375"
    },
    {
      "name": "CVE-2012-1508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1508"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0004 du 15 mars 2012    :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0004.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0005 du 15 mars 2012    :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
    }
  ],
  "reference": "CERTA-2012-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMware,\ndont l\u0027exploitation permet jusqu\u0027\u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 VMSA-2012-0004 et VMSA-2012-0005",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-502

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits F5. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité F5 SOL15883 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15881 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15878 du 26 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15877 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15885 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15868 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15875 du 27 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3048"
    },
    {
      "name": "CVE-2013-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4921"
    },
    {
      "name": "CVE-2013-4935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4935"
    },
    {
      "name": "CVE-2013-4920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4920"
    },
    {
      "name": "CVE-2013-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
    },
    {
      "name": "CVE-2013-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4076"
    },
    {
      "name": "CVE-2013-4077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4077"
    },
    {
      "name": "CVE-2013-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4083"
    },
    {
      "name": "CVE-2013-4925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4925"
    },
    {
      "name": "CVE-2013-4926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4926"
    },
    {
      "name": "CVE-2013-4930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4930"
    },
    {
      "name": "CVE-2013-4928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4928"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2013-4933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4933"
    },
    {
      "name": "CVE-2013-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4923"
    },
    {
      "name": "CVE-2013-4929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4929"
    },
    {
      "name": "CVE-2013-4079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4079"
    },
    {
      "name": "CVE-2013-4931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4931"
    },
    {
      "name": "CVE-2013-4932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4932"
    },
    {
      "name": "CVE-2013-4082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4082"
    },
    {
      "name": "CVE-2013-4075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4075"
    },
    {
      "name": "CVE-2013-4927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4927"
    },
    {
      "name": "CVE-2013-4936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4936"
    },
    {
      "name": "CVE-2013-4078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4078"
    },
    {
      "name": "CVE-2013-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
    },
    {
      "name": "CVE-2013-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4924"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2013-4080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4080"
    },
    {
      "name": "CVE-2013-4934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4934"
    },
    {
      "name": "CVE-2013-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4922"
    },
    {
      "name": "CVE-2013-4074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4074"
    },
    {
      "name": "CVE-2012-2141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2141"
    },
    {
      "name": "CVE-2013-4081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4081"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-502",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15883 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15883.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15881 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15881.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15878 du 26 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15877 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15885 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15885.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15868 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15875 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15875.html"
    }
  ]
}

CERTA-2010-AVI-449

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans bzip2 permet à un utilisateur malveillant de provoquer un déni de service à distance.

Description

La possibilité d'exécuter du code arbitraire à distance est suspectée, mais non démontrée.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

bzip2, version 1.0.5 et versions précédentes.

Les logiciels utilisant le code vulnérable sont concernés (liste non exhaustive) :

Clamav, version 0.96.2 et versions précédentes ;
FreeBSD, branches 6, 7 et8.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Annonce du projet bzip du 20 septembre 2010	None	vendor-advisory
Changements dans la version ClamAV 0.96.3 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-3 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité RedHat RHSA-2010:0703-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité Ubuntu USN-986-2 du 20 septembre 2010 :	-	other
Bulletin de sécurité Debian DSA-2112-1 du 20 septembre 2010 :	-	other
Bulletin de sécurité Sun du 26 novembre 2010 :	-	other
Bulletin de sécurité FreeBSD-SA-10:08 du 20 septembre 2010 :	-	other
Bulletin de sécurité SUSE SUSE-SA:2010:018 du 06 octobre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ebzip2, version 1.0.5 et versions pr\u00e9c\u00e9dentes.\u003c/P\u003e  \u003cP\u003eLes logiciels utilisant le code vuln\u00e9rable sont concern\u00e9s  (liste non exhaustive)\u0026nbsp;:\u003c/P\u003e  \u003cUL\u003e    \u003cLI\u003eClamav, version 0.96.2 et versions pr\u00e9c\u00e9dentes ;\u003c/LI\u003e    \u003cLI\u003eFreeBSD, branches 6, 7 et8.\u003c/LI\u003e  \u003c/UL\u003e",
  "content": "## Description\n\nUn d\u00e9bordement d\u0027entier dans la fonction de d\u00e9compression est\nexploitable par un utilisateur malveillant pour provoquer un d\u00e9ni de\nservice \u00e0 distance par la soumission d\u0027un fichier compress\u00e9 sp\u00e9cialement\ncon\u00e7u.\n\nLa possibilit\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance est suspect\u00e9e,\nmais non d\u00e9montr\u00e9e.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    }
  ],
  "links": [
    {
      "title": "Changements dans la version ClamAV 0.96.3 du 20 septembre    2010 :",
      "url": "http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96.3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-3 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-3"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-1 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0703-1 du 20    septembre 2010 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2010-0703.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-986-2 du 20 septembre 2010    :",
      "url": "http://www.ubuntu.com/usn/usn-986-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-2112-1 du 20 septembre 2010    :",
      "url": "http://www.debian.org/security/2010/dsa-2112"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Sun du 26 novembre 2010 :",
      "url": "http://blogs.sun.com/security/entry/cve_2010_0405_integer_overflow"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD-SA-10:08 du 20 septembre 2010    :",
      "url": "http://security.freebsd.org/advisories/FreeBSD-SA-10:08.bzip2.asc"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SA:2010:018 du 06 octobre    2010 :",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00000.html"
    }
  ],
  "reference": "CERTA-2010-AVI-449",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-09-22T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins des distibutions Debian, RedHat, Sun, Suse et Ubuntu.",
      "revision_date": "2010-11-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans bzip2 permet \u00e0 un utilisateur malveillant de\nprovoquer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans bzip2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Annonce du projet bzip du 20 septembre 2010",
      "url": "http://www.bzip.org/index.html"
    }
  ]
}

CERTA-2010-AVI-583

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectant différents logiciels inclus dans VMware ESX Console OS ont été corrigées.

Description

Plusieurs logiciels vulnérables inclus dans VMware ESX Console OS ont été mis à jour par l'éditeur :

Samba est mis à jour pour corriger une vulnérabilité permettant à un utilisateur malveillant distant de provoquer un déni de service et potentiellement de l'exécution de code arbitraire (CVE-2010-3069) ;
bzip2 est mis à jour pour corriger une vulnérabilité permettant à un attaquant d'exécuter du code arbitraire à l'aide d'un fichier spécialement conçu (CVE-2010-0405) ;
OpenSSL est mis à jour pour corriger plusieurs vulnérabilités permettant de contourner la politique de sécurité (CVE-2009-0590, CVE-2009-2409 et CVE-2009-355).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	VMware	N/A	VMware ESX 3.x Console OS (COS).
	VMware	N/A	VMware ESX 4.x Console OS (COS) ;

References

Title

Publication Time

Tags

Avis de sécurité VMware VMSA-2010-0019 du 07 décembre 2010	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2010-0019 du 07 décembre 2010 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware ESX 3.x Console OS (COS).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESX 4.x Console OS (COS) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs logiciels vuln\u00e9rables inclus dans VMware ESX Console OS ont\n\u00e9t\u00e9 mis \u00e0 jour par l\u0027\u00e9diteur :\n\n-   Samba est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    utilisateur malveillant distant de provoquer un d\u00e9ni de service et\n    potentiellement de l\u0027ex\u00e9cution de code arbitraire (CVE-2010-3069) ;\n-   bzip2 est mis \u00e0 jour pour corriger une vuln\u00e9rabilit\u00e9 permettant \u00e0 un\n    attaquant d\u0027ex\u00e9cuter du code arbitraire \u00e0 l\u0027aide d\u0027un fichier\n    sp\u00e9cialement con\u00e7u (CVE-2010-0405) ;\n-   OpenSSL est mis \u00e0 jour pour corriger plusieurs vuln\u00e9rabilit\u00e9s\n    permettant de contourner la politique de s\u00e9curit\u00e9 (CVE-2009-0590,\n    CVE-2009-2409 et CVE-2009-355).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2009-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0590"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2009-2409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2409"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre    2010 :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html"
    }
  ],
  "reference": "CERTA-2010-AVI-583",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-12-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectant diff\u00e9rents logiciels inclus dans\nVMware ESX Console OS ont \u00e9t\u00e9 corrig\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESX",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 VMware VMSA-2010-0019 du 07 d\u00e9cembre 2010",
      "url": null
    }
  ]
}

CERTA-2011-AVI-162

Vulnerability from certfr_avis - Published: - Updated:

De nombreuses vulnérabilités ont été corrigées dans Mac OS X. Leur exploitation permet, entre autres, l'exécution de code arbitraire à distance.

Description

De multiples vulnérabilités ont été corrigées dans différents composants du système d'exploitation Mac OS X, notamment :

Airport ;
AppleScript ;
ATS ;
CarbonCore ;
CoreText ;
File Quarantine ;
HFS ;
ImageIO ;
ImageRaw ;
Installer ;
Kernel ;
Libinfo ;
Libxml ;
QuickLook ;
QuickTime ;
Terminal.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Mac OS X 10.5.8 ;
N/A	N/A	Mac OS X Server 10.6.x.
N/A	N/A	Mac OS X Server 10.5.8 ;
N/A	N/A	Mac OS X 10.6.x ;

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT4581 du 21 mars 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.6.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X Server 10.5.8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans diff\u00e9rents composants\ndu syst\u00e8me d\u0027exploitation Mac OS X, notamment :\n\n-   Airport ;\n-   AppleScript ;\n-   ATS ;\n-   CarbonCore ;\n-   CoreText ;\n-   File Quarantine ;\n-   HFS ;\n-   ImageIO ;\n-   ImageRaw ;\n-   Installer ;\n-   Kernel ;\n-   Libinfo ;\n-   Libxml ;\n-   QuickLook ;\n-   QuickTime ;\n-   Terminal.\n\nCette mise \u00e0 jour corrige \u00e9galement un grand nombre de vuln\u00e9rabilit\u00e9s\ndans des logiciels inclus au syst\u00e8me d\u0027exploitation comme Apache,\nClamAV, Kerberos, Mailman, PHP, Ruby, Samba, Subversion et X11. Parmi\nles failles corrig\u00e9es, certaines permettent l\u0027ex\u00e9cution de code\narbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0170"
    },
    {
      "name": "CVE-2010-3089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3089"
    },
    {
      "name": "CVE-2010-3870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3870"
    },
    {
      "name": "CVE-2011-0187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0187"
    },
    {
      "name": "CVE-2010-3709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3709"
    },
    {
      "name": "CVE-2010-4020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4020"
    },
    {
      "name": "CVE-2011-0172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0172"
    },
    {
      "name": "CVE-2011-0181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0181"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2010-3710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3710"
    },
    {
      "name": "CVE-2011-0183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0183"
    },
    {
      "name": "CVE-2010-4494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4494"
    },
    {
      "name": "CVE-2011-0182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0182"
    },
    {
      "name": "CVE-2010-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2068"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2010-4021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4021"
    },
    {
      "name": "CVE-2011-0173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0173"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2010-2950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2950"
    },
    {
      "name": "CVE-2011-0191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0191"
    },
    {
      "name": "CVE-2011-0186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0186"
    },
    {
      "name": "CVE-2011-0178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0178"
    },
    {
      "name": "CVE-2010-3802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3802"
    },
    {
      "name": "CVE-2010-4409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4409"
    },
    {
      "name": "CVE-2011-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0190"
    },
    {
      "name": "CVE-2011-1417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1417"
    },
    {
      "name": "CVE-2010-3801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3801"
    },
    {
      "name": "CVE-2010-4479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4479"
    },
    {
      "name": "CVE-2011-0188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0188"
    },
    {
      "name": "CVE-2010-3814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3814"
    },
    {
      "name": "CVE-2010-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3855"
    },
    {
      "name": "CVE-2011-0180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0180"
    },
    {
      "name": "CVE-2010-1324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1324"
    },
    {
      "name": "CVE-2011-0174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0174"
    },
    {
      "name": "CVE-2011-0189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0189"
    },
    {
      "name": "CVE-2006-7243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7243"
    },
    {
      "name": "CVE-2010-4261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4261"
    },
    {
      "name": "CVE-2010-3434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3434"
    },
    {
      "name": "CVE-2010-4260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4260"
    },
    {
      "name": "CVE-2010-3315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3315"
    },
    {
      "name": "CVE-2011-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0184"
    },
    {
      "name": "CVE-2011-0179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0179"
    },
    {
      "name": "CVE-2010-3069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3069"
    },
    {
      "name": "CVE-2011-0177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0177"
    },
    {
      "name": "CVE-2010-1323",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1323"
    },
    {
      "name": "CVE-2010-4008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4008"
    },
    {
      "name": "CVE-2010-3436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3436"
    },
    {
      "name": "CVE-2011-0194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0194"
    },
    {
      "name": "CVE-2011-0175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0175"
    },
    {
      "name": "CVE-2010-4150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4150"
    },
    {
      "name": "CVE-2011-0193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0193"
    },
    {
      "name": "CVE-2011-0176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0176"
    },
    {
      "name": "CVE-2010-4009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4009"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-162",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-03-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De nombreuses vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans Mac OS X. Leur\nexploitation permet, entre autres, l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT4581 du 21 mars 2011",
      "url": "http://support.apple.com/kb/HT4581"
    }
  ]
}

CERTA-2012-AVI-151

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits VMware, dont l'exploitation permet jusqu'à l'exécution de code arbitraire à distance.

Description

Plusieurs vulnérabilités ont été corrigées dans les produits VMware. Certaines affectent Oracle Java et peuvent conduire à une prise de contrôle à distance.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

VMware vCenter version 5.0 ;

VMware vCenter Orchestrator 4.2 ;

VMware vShield Manager 4.1 ;

VMWare Update Manager 5.0 ;

VMware ESXi version 5.0 ;

VMware ESXi version 4.1 ;

VMware ESXi version 3.5 ;

VMware ESX version 4.1 ;

VMware ESX version 3.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletins de sécurité VMSA-2012-0004 et VMSA-2012-0005	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2012-0004 du 15 mars 2012 :	-	other
Bulletin de sécurité VMware VMSA-2012-0005 du 15 mars 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVMware vCenter version 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware vCenter Orchestrator 4.2 ;\u003c/P\u003e  \u003cP\u003eVMware vShield Manager 4.1 ;\u003c/P\u003e  \u003cP\u003eVMWare Update Manager 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 5.0 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 4.1 ;\u003c/P\u003e  \u003cP\u003eVMware ESXi version 3.5 ;\u003c/P\u003e  \u003cP\u003eVMware ESX version 4.1 ;\u003c/P\u003e  \u003cP\u003eVMware ESX version 3.5.\u003c/P\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMware.\nCertaines affectent Oracle Java et peuvent conduire \u00e0 une prise de\ncontr\u00f4le \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1511"
    },
    {
      "name": "CVE-2011-3190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3190"
    },
    {
      "name": "CVE-2012-1509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1509"
    },
    {
      "name": "CVE-2012-1510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1510"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2012-1513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1513"
    },
    {
      "name": "CVE-2012-0022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0022"
    },
    {
      "name": "CVE-2012-1512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1512"
    },
    {
      "name": "CVE-2012-1514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1514"
    },
    {
      "name": "CVE-2011-3375",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3375"
    },
    {
      "name": "CVE-2012-1508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1508"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0004 du 15 mars 2012    :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0004.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0005 du 15 mars 2012    :",
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
    }
  ],
  "reference": "CERTA-2012-AVI-151",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits VMware,\ndont l\u0027exploitation permet jusqu\u0027\u00e0 l\u0027ex\u00e9cution de code arbitraire \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 VMSA-2012-0004 et VMSA-2012-0005",
      "url": null
    }
  ]
}

CERTFR-2014-AVI-502

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

De multiples produits sont impactés. Se référer au bulletin de l'éditeur pour la liste exhaustive des produits.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité F5 SOL15883 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15881 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15878 du 26 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15877 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15885 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15868 du 27 novembre 2014	None	vendor-advisory
Bulletin de sécurité F5 SOL15875 du 27 novembre 2014	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eDe multiples produits sont impact\u00e9s. Se r\u00e9f\u00e9rer au bulletin de  l\u0027\u00e9diteur pour la liste exhaustive des produits.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-3048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3048"
    },
    {
      "name": "CVE-2013-4921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4921"
    },
    {
      "name": "CVE-2013-4935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4935"
    },
    {
      "name": "CVE-2013-4920",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4920"
    },
    {
      "name": "CVE-2013-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
    },
    {
      "name": "CVE-2013-4076",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4076"
    },
    {
      "name": "CVE-2013-4077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4077"
    },
    {
      "name": "CVE-2013-4083",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4083"
    },
    {
      "name": "CVE-2013-4925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4925"
    },
    {
      "name": "CVE-2013-4926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4926"
    },
    {
      "name": "CVE-2013-4930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4930"
    },
    {
      "name": "CVE-2013-4928",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4928"
    },
    {
      "name": "CVE-2010-0405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0405"
    },
    {
      "name": "CVE-2013-4933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4933"
    },
    {
      "name": "CVE-2013-4923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4923"
    },
    {
      "name": "CVE-2013-4929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4929"
    },
    {
      "name": "CVE-2013-4079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4079"
    },
    {
      "name": "CVE-2013-4931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4931"
    },
    {
      "name": "CVE-2013-4932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4932"
    },
    {
      "name": "CVE-2013-4082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4082"
    },
    {
      "name": "CVE-2013-4075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4075"
    },
    {
      "name": "CVE-2013-4927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4927"
    },
    {
      "name": "CVE-2013-4936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4936"
    },
    {
      "name": "CVE-2013-4078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4078"
    },
    {
      "name": "CVE-2013-1862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
    },
    {
      "name": "CVE-2013-4924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4924"
    },
    {
      "name": "CVE-2011-1071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
    },
    {
      "name": "CVE-2013-4080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4080"
    },
    {
      "name": "CVE-2013-4934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4934"
    },
    {
      "name": "CVE-2013-4922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4922"
    },
    {
      "name": "CVE-2013-4074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4074"
    },
    {
      "name": "CVE-2012-2141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2141"
    },
    {
      "name": "CVE-2013-4081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4081"
    }
  ],
  "links": [],
  "reference": "CERTFR-2014-AVI-502",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2014-11-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eF5\u003c/span\u003e. Elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits F5",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15883 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15883.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15881 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15881.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15878 du 26 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15877 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15877.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15885 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15885.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15868 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15868.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 SOL15875 du 27 novembre 2014",
      "url": "https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15875.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2010-0405 (GCVE-0-2010-0405)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Solution

Tags

Sightings

Nomenclature