Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2011-4619 (GCVE-0-2011-4619)
Vulnerability from cvelistv5 – Published: 2012-01-06 01:00 – Updated: 2024-08-07 00:09
VLAI?
EPSS
Summary
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:19.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48528"
},
{
"name": "HPSBMU02786",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "openSUSE-SU-2012:0083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"name": "MDVSA-2012:006",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.openssl.org/news/secadv_20120104.txt"
},
{
"name": "SUSE-SU-2012:0084",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "HPSBUX02734",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "MDVSA-2012:007",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "SSRT100729",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "SSRT100877",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "DSA-2390",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-08-19T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "48528",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48528"
},
{
"name": "HPSBMU02786",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "openSUSE-SU-2012:0083",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"name": "MDVSA-2012:006",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"name": "FEDORA-2012-18035",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.openssl.org/news/secadv_20120104.txt"
},
{
"name": "SUSE-SU-2012:0084",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"name": "RHSA-2012:1308",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "RHSA-2012:1307",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "APPLE-SA-2013-06-04-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "VU#737740",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "HPSBUX02734",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "MDVSA-2012:007",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"name": "RHSA-2012:1306",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "HPSBOV02793",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "57353",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "HPSBUX02782",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"name": "SSRT100891",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "SSRT100852",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "SSRT100729",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "SSRT100877",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "DSA-2390",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"name": "HPSBMU02776",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"name": "SSRT100844",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4619",
"datePublished": "2012-01-06T01:00:00.000Z",
"dateReserved": "2011-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:09:19.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTA-2012-AVI-316
Vulnerability from certfr_avis - Published: 2012-06-12 - Updated: 2012-06-12
Onze vulnérabilités ont été corrigées dans HP Onboard Administrator. L'exploitation de ces vulnérabilités peut mener à divers accès non autorisés à des données distantes et à des dénis de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à HP Onboard Adminitrator v3.56.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP Onboard Adminitrator v3.56.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2012-0053",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
},
{
"name": "CVE-2011-3192",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3192"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2012-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
},
{
"name": "CVE-2011-2691",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2691"
},
{
"name": "CVE-2011-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1473"
}
],
"initial_release_date": "2012-06-12T00:00:00",
"last_revision_date": "2012-06-12T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP c03315912 du 07 juin 2012 :",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03315912"
}
],
"reference": "CERTA-2012-AVI-316",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-06-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Onze vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nOnboard Administrator\u003c/span\u003e. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut\nmener \u00e0 divers acc\u00e8s non autoris\u00e9s \u00e0 des donn\u00e9es distantes et \u00e0 des\nd\u00e9nis de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP Onboard Administrator",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP du 07 juin 2012",
"url": null
}
]
}
CERTA-2012-AVI-006
Vulnerability from certfr_avis - Published: 2012-01-10 - Updated: 2012-01-31
De multiples vulnérabilités corrigées dans OpenSSL permettent l'exécution de code arbitraire à distance, un déni de service à distance, ou une atteinte à la confidentialité des données.
Description
De multiples vulnérabilités corrigées dans OpenSSL permettent à une personne malveillante d'exécuter du code arbitraire à distance, de provoquer un déni de service à distance, ou de porter atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OpenSSL 1.x versions ant\u00e9rieures \u00e0 1.0.0f ;",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
},
{
"description": "OpenSSL 0.x versions ant\u00e9rieures \u00e0 0.9.8s.",
"product": {
"name": "OpenSSL",
"vendor": {
"name": "OpenSSL",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s corrig\u00e9es dans OpenSSL permettent \u00e0 une\npersonne malveillante d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance, de\nprovoquer un d\u00e9ni de service \u00e0 distance, ou de porter atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0027"
}
],
"initial_release_date": "2012-01-10T00:00:00",
"last_revision_date": "2012-01-31T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 HP du 19 janvier 2012\u00a0:",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03141193"
}
],
"reference": "CERTA-2012-AVI-006",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-01-10T00:00:00.000000"
},
{
"description": "ajout du bulletin de s\u00e9curit\u00e9 HP.",
"revision_date": "2012-01-31T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s corrig\u00e9es dans OpenSSL permettent\nl\u0027ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance, ou une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 OpenSSL du 04 janvier 2012",
"url": "http://openssl.org/news/secadv_20120104.txt"
}
]
}
CERTA-2013-AVI-090
Vulnerability from certfr_avis - Published: 2013-02-04 - Updated: 2013-02-04
De multiples vulnérabilités ont été corrigées dans IBM InfoSphere Balanced Warehouse. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | N/A | IBM Smart Analytics System 5600 V2 | ||
| IBM | N/A | IBM Smart Analytics System 5710 | ||
| IBM | N/A | IBM Smart Analytics System 2050 pour Linux | ||
| IBM | N/A | IBM InfoSphere Balanced Warehouse C3000 | ||
| IBM | N/A | IBM InfoSphere Balanced Warehouse C4000 | ||
| IBM | N/A | IBM Smart Analytics System 1050 pour Linux | ||
| IBM | N/A | IBM InfoSphere Balanced Warehouse D5100 | ||
| IBM | N/A | IBM Smart Analytics System 5600 V1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Smart Analytics System 5600 V2",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Smart Analytics System 5710",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Smart Analytics System 2050 pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Balanced Warehouse C3000",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Balanced Warehouse C4000",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Smart Analytics System 1050 pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM InfoSphere Balanced Warehouse D5100",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Smart Analytics System 5600 V1",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-3210",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2010-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2013-02-04T00:00:00",
"last_revision_date": "2013-02-04T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-090",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-02-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eIBM InfoSphere Balanced Warehouse\u003c/span\u003e. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM InfoSphere Balanced Warehouse",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM swg21619837 du 31 janvier 2013",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21619837"
}
]
}
CERTA-2012-AVI-479
Vulnerability from certfr_avis - Published: 2012-09-03 - Updated: 2012-09-03
De multiples vulnérabilités ont été corrigées dans les produits VMware. Elles concernent les éléments d'éditeurs tiers implémentés dans les solutions. Les éléments suivants ont étés mis à jour :
- Java Runtime Environment (JRE) ;
- OpenSSL ;
- le noyau ;
- Perl ;
- libxml2 ;
- glibc ;
- GnuTLS ;
- popt et rpm ;
- Apache struts.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware ESX version 4.1 ; | ||
| VMware | N/A | VMware vCO version 4.0. | ||
| VMware | N/A | VMware vCenter version 5.0 ; | ||
| VMware | N/A | VMware vCOps version 1.0.x ; | ||
| VMware | ESXi | VMware ESXi version 3.5 ; | ||
| VMware | N/A | VMware Update Manager version 5.0 ; | ||
| VMware | N/A | VMware Update Manager version 4.0 ; | ||
| VMware | N/A | VMware vCO version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 4.1 ; | ||
| VMware | N/A | VMware vCenter version 4.0 ; | ||
| VMware | N/A | VMware vCenter version 4.1 ; | ||
| VMware | N/A | VMware vCOps version 5.0.2 ; | ||
| VMware | ESXi | VMware ESXi version 4.0 ; | ||
| VMware | N/A | VMware VirtualCenter version 2.5 ; | ||
| VMware | N/A | VMware Update Manager version 4.1 ; | ||
| VMware | ESXi | VMware ESXi version 5.0 ; | ||
| VMware | N/A | VMware ESX version 4.0 ; | ||
| VMware | N/A | VMware ESX version 3.5 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESX version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.0.",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 1.0.x ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 3.5 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 5.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCO version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.1 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCOps version 5.0.2 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 4.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware VirtualCenter version 2.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Update Manager version 4.1 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi version 5.0 ;",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 4.0 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESX version 3.5 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-1833",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1833"
},
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-4132",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4132"
},
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2012-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
},
{
"name": "CVE-2011-5057",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5057"
},
{
"name": "CVE-2010-4252",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-2496",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2496"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2012-1569",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1569"
},
{
"name": "CVE-2011-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4324"
},
{
"name": "CVE-2011-4110",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4110"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2012-1583",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1583"
},
{
"name": "CVE-2010-2761",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-2761"
},
{
"name": "CVE-2012-0060",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0060"
},
{
"name": "CVE-2012-0391",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0391"
},
{
"name": "CVE-2011-4325",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4325"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2012-0061",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0061"
},
{
"name": "CVE-2010-4180",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4180"
},
{
"name": "CVE-2012-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0864"
},
{
"name": "CVE-2011-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3209"
},
{
"name": "CVE-2010-4410",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4410"
},
{
"name": "CVE-2012-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0392"
},
{
"name": "CVE-2012-0394",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0394"
},
{
"name": "CVE-2012-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0815"
},
{
"name": "CVE-2011-3188",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3188"
},
{
"name": "CVE-2011-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1020"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-1573",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1573"
},
{
"name": "CVE-2011-4128",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4128"
},
{
"name": "CVE-2012-0841",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0841"
},
{
"name": "CVE-2011-2484",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2484"
},
{
"name": "CVE-2012-0393",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0393"
},
{
"name": "CVE-2011-3597",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3597"
},
{
"name": "CVE-2011-3363",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3363"
},
{
"name": "CVE-2011-2699",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2699"
},
{
"name": "CVE-2011-0014",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0014"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2012-09-03T00:00:00",
"last_revision_date": "2012-09-03T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-479",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-09-03T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans les produits \u003cspan\nclass=\"textit\"\u003eVMware\u003c/span\u003e. Elles concernent les \u00e9l\u00e9ments d\u0027\u00e9diteurs\ntiers impl\u00e9ment\u00e9s dans les solutions. Les \u00e9l\u00e9ments suivants ont \u00e9t\u00e9s mis\n\u00e0 jour :\n\n- Java Runtime Environment (JRE) ;\n- OpenSSL ;\n- le noyau ;\n- Perl ;\n- libxml2 ;\n- glibc ;\n- GnuTLS ;\n- popt et rpm ;\n- Apache struts.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2012-0013 du 30 ao\u00fbt 2012",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0013.html"
}
]
}
CERTFR-2016-AVI-300
Vulnerability from certfr_avis - Published: 2016-09-08 - Updated: 2016-09-08
De multiples vulnérabilités ont été corrigées dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Juniper Junos Space versions antérieures à 15.1R1
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eJuniper Junos Space versions ant\u00e9rieures \u00e0 15.1R1\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2014-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0460"
},
{
"name": "CVE-2010-1429",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1429"
},
{
"name": "CVE-2013-1557",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1557"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2013-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2389"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2013-3805",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3805"
},
{
"name": "CVE-2013-3801",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3801"
},
{
"name": "CVE-2015-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0975"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2010-0738",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0738"
},
{
"name": "CVE-2014-6491",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6491"
},
{
"name": "CVE-2010-1428",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-1428"
},
{
"name": "CVE-2013-1502",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1502"
},
{
"name": "CVE-2013-1544",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1544"
},
{
"name": "CVE-2013-2392",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2392"
},
{
"name": "CVE-2014-0429",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0429"
},
{
"name": "CVE-2013-0166",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0166"
},
{
"name": "CVE-2014-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0456"
},
{
"name": "CVE-2013-3804",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3804"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2015-2620",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2620"
},
{
"name": "CVE-2014-0098",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0098"
},
{
"name": "CVE-2013-3809",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3809"
},
{
"name": "CVE-2014-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0453"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2014-1568",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-1568"
},
{
"name": "CVE-2014-0423",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0423"
},
{
"name": "CVE-2013-3808",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3808"
},
{
"name": "CVE-2013-3783",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3783"
},
{
"name": "CVE-2014-0224",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0224"
},
{
"name": "CVE-2014-4263",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4263"
},
{
"name": "CVE-2014-6500",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6500"
},
{
"name": "CVE-2014-6495",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6495"
},
{
"name": "CVE-2012-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-3143"
},
{
"name": "CVE-2013-2422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2422"
},
{
"name": "CVE-2014-6494",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6494"
},
{
"name": "CVE-2013-2376",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2376"
},
{
"name": "CVE-2013-2249",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2249"
},
{
"name": "CVE-2015-3209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3209"
},
{
"name": "CVE-2013-3794",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3794"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2012-0818",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0818"
},
{
"name": "CVE-2013-1511",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1511"
},
{
"name": "CVE-2013-1862",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1862"
},
{
"name": "CVE-2014-6478",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6478"
},
{
"name": "CVE-2014-6559",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6559"
},
{
"name": "CVE-2014-3413",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3413"
},
{
"name": "CVE-2014-4244",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4244"
},
{
"name": "CVE-2013-3802",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3802"
},
{
"name": "CVE-2013-3839",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3839"
},
{
"name": "CVE-2013-3812",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3812"
},
{
"name": "CVE-2013-2375",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2375"
},
{
"name": "CVE-2015-7753",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7753"
},
{
"name": "CVE-2014-6496",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6496"
},
{
"name": "CVE-2013-6438",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6438"
},
{
"name": "CVE-2013-1896",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1896"
},
{
"name": "CVE-2013-1532",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1532"
},
{
"name": "CVE-2013-2391",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2391"
},
{
"name": "CVE-2014-4264",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4264"
},
{
"name": "CVE-2013-3793",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-3793"
},
{
"name": "CVE-2011-5245",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-5245"
},
{
"name": "CVE-2013-1537",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1537"
},
{
"name": "CVE-2015-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0501"
},
{
"name": "CVE-2012-2333",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
},
{
"name": "CVE-2013-5908",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-5908"
}
],
"initial_release_date": "2016-09-08T00:00:00",
"last_revision_date": "2016-09-08T00:00:00",
"links": [],
"reference": "CERTFR-2016-AVI-300",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2016-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Juniper\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10698 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10698\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10659 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10659\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10627 du 07 septembre 2016",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10627\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTA-2013-AVI-340
Vulnerability from certfr_avis - Published: 2013-06-05 - Updated: 2013-06-05
De multiples vulnérabilités ont été corrigées dans Apple OS X. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à OS X Mountain Lion 10.8.4
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Mountain Lion 10.8.4\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2013-0982",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0982"
},
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2013-0984",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0984"
},
{
"name": "CVE-2013-0277",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0277"
},
{
"name": "CVE-2013-1856",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1856"
},
{
"name": "CVE-2011-3210",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3210"
},
{
"name": "CVE-2013-1855",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1855"
},
{
"name": "CVE-2013-0276",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0276"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2013-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0985"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2013-0983",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0983"
},
{
"name": "CVE-2013-0989",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0989"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2013-0990",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0990"
},
{
"name": "CVE-2013-0155",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0155"
},
{
"name": "CVE-2013-0986",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0986"
},
{
"name": "CVE-2013-0988",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0988"
},
{
"name": "CVE-2013-1024",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1024"
},
{
"name": "CVE-2013-0975",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0975"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
},
{
"name": "CVE-2011-3207",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3207"
},
{
"name": "CVE-2012-5519",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-5519"
},
{
"name": "CVE-2011-1945",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1945"
},
{
"name": "CVE-2013-0987",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0987"
},
{
"name": "CVE-2012-4929",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-4929"
},
{
"name": "CVE-2013-1854",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1854"
},
{
"name": "CVE-2013-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0333"
},
{
"name": "CVE-2012-2333",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2333"
},
{
"name": "CVE-2013-1857",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1857"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2013-06-05T00:00:00",
"last_revision_date": "2013-06-05T00:00:00",
"links": [],
"reference": "CERTA-2013-AVI-340",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-06-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eApple OS X\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple OS X",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT5784 du 04 juin 2013",
"url": "http://support.apple.com/kb/HT5784"
}
]
}
CERTA-2012-AVI-286
Vulnerability from certfr_avis - Published: 2012-05-18 - Updated: 2012-05-18
De multiples vulnérabilités ont été corrigées dans HP-UX. Elles affectent l'environnement JAVA JRE et JDK ainsi que OpenSSL. Les failles sont majoritairement des dénis de service mais sont également présents des modifications de données et des accès non autorisés aux données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "HP-UX B.11.31.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP-UX B.11.23 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "HP-UX B.11.11 ;",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2010-4476",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4476"
},
{
"name": "CVE-2010-4465",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4465"
},
{
"name": "CVE-2012-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0502"
},
{
"name": "CVE-2010-4473",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4473"
},
{
"name": "CVE-2011-3556",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3556"
},
{
"name": "CVE-2011-3545",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3545"
},
{
"name": "CVE-2011-3548",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3548"
},
{
"name": "CVE-2011-0864",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0864"
},
{
"name": "CVE-2010-4447",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4447"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2110",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
},
{
"name": "CVE-2012-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0505"
},
{
"name": "CVE-2011-3552",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3552"
},
{
"name": "CVE-2012-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0499"
},
{
"name": "CVE-2011-0871",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0871"
},
{
"name": "CVE-2011-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3560"
},
{
"name": "CVE-2010-4448",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4448"
},
{
"name": "CVE-2010-4462",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4462"
},
{
"name": "CVE-2012-0884",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0884"
},
{
"name": "CVE-2006-7250",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-7250"
},
{
"name": "CVE-2012-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0506"
},
{
"name": "CVE-2011-0802",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0802"
},
{
"name": "CVE-2012-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0503"
},
{
"name": "CVE-2012-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
},
{
"name": "CVE-2010-4454",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4454"
},
{
"name": "CVE-2011-0862",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0862"
},
{
"name": "CVE-2011-3563",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3563"
},
{
"name": "CVE-2011-0865",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0865"
},
{
"name": "CVE-2011-0815",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0815"
},
{
"name": "CVE-2010-4469",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4469"
},
{
"name": "CVE-2011-0814",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0814"
},
{
"name": "CVE-2010-4475",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-4475"
},
{
"name": "CVE-2011-3557",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3557"
},
{
"name": "CVE-2011-0867",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-0867"
},
{
"name": "CVE-2011-3549",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3549"
},
{
"name": "CVE-2011-3547",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3547"
},
{
"name": "CVE-2011-3389",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
},
{
"name": "CVE-2012-2131",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2131"
}
],
"initial_release_date": "2012-05-18T00:00:00",
"last_revision_date": "2012-05-18T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-286",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eHP-UX\u003c/span\u003e. Elles affectent l\u0027environnement JAVA \u003cspan\nclass=\"textit\"\u003eJRE\u003c/span\u003e et \u003cspan class=\"textit\"\u003eJDK\u003c/span\u003e ainsi que\n\u003cspan class=\"textit\"\u003eOpenSSL\u003c/span\u003e. Les failles sont majoritairement\ndes d\u00e9nis de service mais sont \u00e9galement pr\u00e9sents des modifications de\ndonn\u00e9es et des acc\u00e8s non autoris\u00e9s aux donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP-UX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03316985 du 15 mai 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03316985"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP-UX c03333987 du 17 mai 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03316985"
}
]
}
CERTA-2012-AVI-358
Vulnerability from certfr_avis - Published: 2012-06-29 - Updated: 2012-06-29
Vingt-huit vulnérabilités ont été corrigées dans HP System Management Homepage. Ces vulnérabilités touchent les versions Linux et Windows du produit et peuvent mener à une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Versions antérieures à HP System Management Homepage 7.1.1.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 HP System Management Homepage 7.1.1.\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4415",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4415"
},
{
"name": "CVE-2012-0053",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0053"
},
{
"name": "CVE-2011-4078",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4078"
},
{
"name": "CVE-2012-0021",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0021"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2012-2015",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2015"
},
{
"name": "CVE-2012-2012",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2012"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2012-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0031"
},
{
"name": "CVE-2012-2013",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2013"
},
{
"name": "CVE-2012-1823",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1823"
},
{
"name": "CVE-2011-4577",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4577"
},
{
"name": "CVE-2011-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
},
{
"name": "CVE-2011-2834",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2011-2821",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
},
{
"name": "CVE-2012-1165",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-1165"
},
{
"name": "CVE-2011-3607",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3607"
},
{
"name": "CVE-2012-2016",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2016"
},
{
"name": "CVE-2012-0036",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
},
{
"name": "CVE-2012-0057",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0057"
},
{
"name": "CVE-2011-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4317"
},
{
"name": "CVE-2011-4153",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4153"
},
{
"name": "CVE-2011-3379",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-3379"
},
{
"name": "CVE-2011-4885",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
},
{
"name": "CVE-2012-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
},
{
"name": "CVE-2012-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0027"
},
{
"name": "CVE-2012-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-2014"
}
],
"initial_release_date": "2012-06-29T00:00:00",
"last_revision_date": "2012-06-29T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-358",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-06-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Vingt-huit vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eHP\nSystem Management Homepage\u003c/span\u003e. Ces vuln\u00e9rabilit\u00e9s touchent les\nversions \u003cspan class=\"textit\"\u003eLinux\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003eWindows\u003c/span\u003e du produit et peuvent mener \u00e0 une\nex\u00e9cution de code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans HP System Management Homepage",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 HP c03360041 du 26 juin 2012",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
}
]
}
CERTA-2012-AVI-171
Vulnerability from certfr_avis - Published: 2012-03-26 - Updated: 2012-03-26
De multiples vulnérabilités dans IBM AIX ont été corrigées.
Description
Plusieurs vulnérabilités liées à OpenSSL ont été corrigées. L'exploitation de ces vulnérabilités peut entrainer un déchiffrement partiel des communications.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Versions AIX 5.3, 6.1, 7.1 et pr\u00e9cedentes ;",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Versions 2.X et 1.5.2.",
"product": {
"name": "AIX",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s li\u00e9es \u00e0 OpenSSL ont \u00e9t\u00e9 corrig\u00e9es.\nL\u0027exploitation de ces vuln\u00e9rabilit\u00e9s peut entrainer un d\u00e9chiffrement\npartiel des communications.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2012-0050",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0050"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2011-4108",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4108"
},
{
"name": "CVE-2011-4109",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
}
],
"initial_release_date": "2012-03-26T00:00:00",
"last_revision_date": "2012-03-26T00:00:00",
"links": [],
"reference": "CERTA-2012-AVI-171",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2012-03-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eIBM AIX\u003c/span\u003e ont\n\u00e9t\u00e9 corrig\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM AIX",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM AIX du 22 mars 2012",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
}
]
}
CERTA-2013-AVI-267
Vulnerability from certfr_avis - Published: 2013-04-23 - Updated: 2013-04-23
De multiples vulnérabilités ont été corrigées dans Avaya Communication Manager. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Avaya Communication Manager versions antérieures à 5.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eAvaya Communication Manager versions ant\u00e9rieures \u00e0 5.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2011-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4609"
},
{
"name": "CVE-2011-4619",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4619"
},
{
"name": "CVE-2011-4576",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4576"
},
{
"name": "CVE-2009-5064",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5064"
},
{
"name": "CVE-2009-5029",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-5029"
},
{
"name": "CVE-2011-1659",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1659"
},
{
"name": "CVE-2010-0296",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0296"
},
{
"name": "CVE-2010-0830",
"url": "https://www.cve.org/CVERecord?id=CVE-2010-0830"
},
{
"name": "CVE-2011-1071",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1071"
},
{
"name": "CVE-2011-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1095"
},
{
"name": "CVE-2011-1089",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-1089"
}
],
"initial_release_date": "2013-04-23T00:00:00",
"last_revision_date": "2013-04-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-094 du 19 avril 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100157565"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2012-155 du 19 avril 2013",
"url": "https://downloads.avaya.com/css/P8/documents/100160531"
}
],
"reference": "CERTA-2013-AVI-267",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2013-04-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAvaya Communication Manager\u003c/span\u003e. Certaines d\u0027entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un contournement\nde la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Avaya Communication Manager",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Avaya du 19 avril 2013",
"url": null
}
]
}
GHSA-9866-P82R-56GJ
Vulnerability from github – Published: 2022-05-17 03:50 – Updated: 2022-05-17 03:50
VLAI?
Details
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2011-4619"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-01-06T01:55:00Z",
"severity": "MODERATE"
},
"details": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",
"id": "GHSA-9866-p82r-56gj",
"modified": "2022-05-17T03:50:08Z",
"published": "2022-05-17T03:50:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4619"
},
{
"type": "WEB",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"type": "WEB",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/48528"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/57353"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT5784"
},
{
"type": "WEB",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"type": "WEB",
"url": "http://www.openssl.org/news/secadv_20120104.txt"
}
],
"schema_version": "1.4.0",
"severity": []
}
GSD-2011-4619
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2011-4619",
"description": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",
"id": "GSD-2011-4619",
"references": [
"https://www.suse.com/security/cve/CVE-2011-4619.html",
"https://www.debian.org/security/2012/dsa-2390",
"https://access.redhat.com/errata/RHSA-2012:1308",
"https://access.redhat.com/errata/RHSA-2012:1307",
"https://access.redhat.com/errata/RHSA-2012:1306",
"https://access.redhat.com/errata/RHSA-2012:0168",
"https://access.redhat.com/errata/RHSA-2012:0109",
"https://access.redhat.com/errata/RHSA-2012:0086",
"https://access.redhat.com/errata/RHSA-2012:0060",
"https://access.redhat.com/errata/RHSA-2012:0059",
"https://alas.aws.amazon.com/cve/html/CVE-2011-4619.html",
"https://linux.oracle.com/cve/CVE-2011-4619.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2011-4619"
],
"details": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.",
"id": "GSD-2011-4619",
"modified": "2023-12-13T01:19:05.959694Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/advisories/57353",
"refsource": "MISC",
"url": "http://secunia.com/advisories/57353"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "MISC",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html",
"refsource": "MISC",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "MISC",
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc",
"refsource": "MISC",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"name": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"refsource": "MISC",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"name": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html",
"refsource": "MISC",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-1306.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-1307.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "http://rhn.redhat.com/errata/RHSA-2012-1308.html",
"refsource": "MISC",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "http://secunia.com/advisories/48528",
"refsource": "MISC",
"url": "http://secunia.com/advisories/48528"
},
{
"name": "http://www.debian.org/security/2012/dsa-2390",
"refsource": "MISC",
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"name": "http://www.kb.cert.org/vuls/id/737740",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"name": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007",
"refsource": "MISC",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"name": "http://www.openssl.org/news/secadv_20120104.txt",
"refsource": "MISC",
"url": "http://www.openssl.org/news/secadv_20120104.txt"
},
{
"name": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2",
"refsource": "MISC",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.8r",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0e",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4619"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openssl.org/news/secadv_20120104.txt",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssl.org/news/secadv_20120104.txt"
},
{
"name": "MDVSA-2012:006",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"name": "MDVSA-2012:007",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"name": "SUSE-SU-2012:0084",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"name": "openSUSE-SU-2012:0083",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"name": "HPSBMU02786",
"refsource": "HP",
"tags": [],
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc",
"refsource": "CONFIRM",
"tags": [],
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"name": "48528",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/48528"
},
{
"name": "HPSBOV02793",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"name": "RHSA-2012:1306",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"name": "RHSA-2012:1307",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"name": "RHSA-2012:1308",
"refsource": "REDHAT",
"tags": [],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"name": "HPSBUX02734",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"name": "DSA-2390",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"name": "APPLE-SA-2013-06-04-1",
"refsource": "APPLE",
"tags": [],
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5784",
"refsource": "CONFIRM",
"tags": [],
"url": "http://support.apple.com/kb/HT5784"
},
{
"name": "FEDORA-2012-18035",
"refsource": "FEDORA",
"tags": [],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"name": "VU#737740",
"refsource": "CERT-VN",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"name": "57353",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/57353"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"name": "SSRT100852",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"name": "HPSBUX02782",
"refsource": "HP",
"tags": [],
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-08-23T02:04Z",
"publishedDate": "2012-01-06T01:55Z"
}
}
}
FKIE_CVE-2011-4619
Vulnerability from fkie_nvd - Published: 2012-01-06 01:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc | ||
| secalert@redhat.com | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | ||
| secalert@redhat.com | http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html | ||
| secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html | ||
| secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=132750648501816&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=133728068926468&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | ||
| secalert@redhat.com | http://marc.info/?l=bugtraq&m=134039053214295&w=2 | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1306.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1307.html | ||
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1308.html | ||
| secalert@redhat.com | http://secunia.com/advisories/48528 | ||
| secalert@redhat.com | http://secunia.com/advisories/57353 | ||
| secalert@redhat.com | http://support.apple.com/kb/HT5784 | ||
| secalert@redhat.com | http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 | ||
| secalert@redhat.com | http://www.debian.org/security/2012/dsa-2390 | ||
| secalert@redhat.com | http://www.kb.cert.org/vuls/id/737740 | US Government Resource | |
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:006 | ||
| secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 | ||
| secalert@redhat.com | http://www.openssl.org/news/secadv_20120104.txt | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=132750648501816&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133728068926468&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=133951357207000&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=134039053214295&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1306.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1307.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1308.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48528 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/57353 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT5784 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2390 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/737740 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:006 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:007 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openssl.org/news/secadv_20120104.txt | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| openssl | openssl | * | |
| openssl | openssl | 0.9.1c | |
| openssl | openssl | 0.9.2b | |
| openssl | openssl | 0.9.4 | |
| openssl | openssl | 0.9.5 | |
| openssl | openssl | 0.9.5a | |
| openssl | openssl | 0.9.6 | |
| openssl | openssl | 0.9.6a | |
| openssl | openssl | 0.9.6b | |
| openssl | openssl | 0.9.6c | |
| openssl | openssl | 0.9.6d | |
| openssl | openssl | 0.9.6e | |
| openssl | openssl | 0.9.6f | |
| openssl | openssl | 0.9.6g | |
| openssl | openssl | 0.9.6h | |
| openssl | openssl | 0.9.6h | |
| openssl | openssl | 0.9.6i | |
| openssl | openssl | 0.9.6j | |
| openssl | openssl | 0.9.6k | |
| openssl | openssl | 0.9.6l | |
| openssl | openssl | 0.9.6m | |
| openssl | openssl | 0.9.7 | |
| openssl | openssl | 0.9.7a | |
| openssl | openssl | 0.9.7b | |
| openssl | openssl | 0.9.7c | |
| openssl | openssl | 0.9.7d | |
| openssl | openssl | 0.9.7e | |
| openssl | openssl | 0.9.7f | |
| openssl | openssl | 0.9.7g | |
| openssl | openssl | 0.9.7h | |
| openssl | openssl | 0.9.7i | |
| openssl | openssl | 0.9.7j | |
| openssl | openssl | 0.9.7k | |
| openssl | openssl | 0.9.7l | |
| openssl | openssl | 0.9.7m | |
| openssl | openssl | 0.9.8 | |
| openssl | openssl | 0.9.8a | |
| openssl | openssl | 0.9.8b | |
| openssl | openssl | 0.9.8c | |
| openssl | openssl | 0.9.8d | |
| openssl | openssl | 0.9.8e | |
| openssl | openssl | 0.9.8f | |
| openssl | openssl | 0.9.8g | |
| openssl | openssl | 0.9.8h | |
| openssl | openssl | 0.9.8i | |
| openssl | openssl | 0.9.8j | |
| openssl | openssl | 0.9.8k | |
| openssl | openssl | 0.9.8l | |
| openssl | openssl | 0.9.8m | |
| openssl | openssl | 0.9.8n | |
| openssl | openssl | 0.9.8o | |
| openssl | openssl | 0.9.8p | |
| openssl | openssl | 0.9.8q | |
| openssl | openssl | * | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0 | |
| openssl | openssl | 1.0.0a | |
| openssl | openssl | 1.0.0b | |
| openssl | openssl | 1.0.0c | |
| openssl | openssl | 1.0.0d |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D22F36D1-6773-4D86-A9B7-69693EFAEFB1",
"versionEndIncluding": "0.9.8r",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.1c:*:*:*:*:*:*:*",
"matchCriteriaId": "14D983EC-61B0-4FD9-89B5-9878E4CE4405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.2b:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D7BE3C-8CA2-4FB2-B4AE-B201D88C2A9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8847BD34-BDE6-4AE9-96D9-75B9CF93A6A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4EDB5A09-BE86-4352-9799-A875649EDB7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.5a:*:*:*:*:*:*:*",
"matchCriteriaId": "F03FA9C0-24C7-46AC-92EC-7834BC34C79B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B5E4742C-A983-4F00-B24F-AB280C0E876D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6a:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0628DF-3A4C-4078-B615-22260671EABF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6b:*:*:*:*:*:*:*",
"matchCriteriaId": "962FCB86-15AD-4399-8B7D-EC1DEA919C59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6c:*:*:*:*:*:*:*",
"matchCriteriaId": "0FCA45CE-4127-47AD-BBA8-8A6DD83AE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6d:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA1CA40-7DB5-4DCA-97A8-9A8CF4FECECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6e:*:*:*:*:*:*:*",
"matchCriteriaId": "180D07AE-C571-4DD6-837C-43E2A946007A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6f:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3E4D2A-6488-4F8B-A3CA-4161A10FA4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6g:*:*:*:*:*:*:*",
"matchCriteriaId": "90789533-C741-4B1C-A24B-2C77B9E4DE5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:*:*:*:*:*:*:*",
"matchCriteriaId": "1520065B-46D7-48A4-B9D0-5B49F690C5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6h:bogus:*:*:*:*:*:*",
"matchCriteriaId": "83C6B8F4-DA78-4E92-8660-5F20FCADD0DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6i:*:*:*:*:*:*:*",
"matchCriteriaId": "5B76FE2D-FBE0-4A3B-A0EA-179332D74F0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6j:*:*:*:*:*:*:*",
"matchCriteriaId": "2AA526B9-726A-49D5-B3CA-EBE2DA303CA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6k:*:*:*:*:*:*:*",
"matchCriteriaId": "494E48E7-EF86-4860-9A53-94F6C313746E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6l:*:*:*:*:*:*:*",
"matchCriteriaId": "2636B92E-47D5-42EA-9585-A2B84FBE71CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.6m:*:*:*:*:*:*:*",
"matchCriteriaId": "72FE2F46-2D0C-4C90-AFBE-D2E7B496D6E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "45A518E8-21BE-4C5C-B425-410AB1208E9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7a:*:*:*:*:*:*:*",
"matchCriteriaId": "78E79A05-64F3-4397-952C-A5BB950C967D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7b:*:*:*:*:*:*:*",
"matchCriteriaId": "7F7C9E77-1EB2-4720-A8FD-23DC1C877D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7c:*:*:*:*:*:*:*",
"matchCriteriaId": "549BB01D-F322-4FE3-BDA2-4FEA8ED8568A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7d:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE6CBD6-D6DD-4BC5-93F6-FDEA70163336",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7e:*:*:*:*:*:*:*",
"matchCriteriaId": "98693865-2E79-4BD6-9F89-1994BC9A3E73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7f:*:*:*:*:*:*:*",
"matchCriteriaId": "D6476506-EC37-4726-82DC-D0E8254A8CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7g:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6ECEF7-CB16-4604-894B-6EB19F1CEF55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7h:*:*:*:*:*:*:*",
"matchCriteriaId": "1C81EF3D-4DB7-4799-9670-8D79E28CA184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7i:*:*:*:*:*:*:*",
"matchCriteriaId": "A8116A66-175C-4E6D-9A9B-D54C1D97D213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7j:*:*:*:*:*:*:*",
"matchCriteriaId": "382C1679-DA1D-4FA4-9D5E-B86CC5052D49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7k:*:*:*:*:*:*:*",
"matchCriteriaId": "1CA28812-8A24-4FE1-BED9-D6D5BB023645",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7l:*:*:*:*:*:*:*",
"matchCriteriaId": "9894D83E-2A27-446E-8B47-9C03CF802A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.7m:*:*:*:*:*:*:*",
"matchCriteriaId": "55A9AC4D-E19B-431F-8679-B62F5F46BCF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4E446D-B9D3-45F2-9722-B41FA14A6C31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8a:*:*:*:*:*:*:*",
"matchCriteriaId": "AF4EA988-FC80-4170-8933-7C6663731981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8b:*:*:*:*:*:*:*",
"matchCriteriaId": "64F8F53B-24A1-4877-B16E-F1917C4E4E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8c:*:*:*:*:*:*:*",
"matchCriteriaId": "75D3ACD5-905F-42BB-BE1A-8382E9D823BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8d:*:*:*:*:*:*:*",
"matchCriteriaId": "766EA6F2-7FA4-4713-9859-9971CCD2FDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8e:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBC30B7-627D-48DC-8EF0-AE8FA0C6EDBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8f:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB38AEA-BAF0-4920-9A71-747C24444770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8g:*:*:*:*:*:*:*",
"matchCriteriaId": "1F33EA2B-DE15-4695-A383-7A337AC38908",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8h:*:*:*:*:*:*:*",
"matchCriteriaId": "261EE631-AB43-44FE-B02A-DFAAB8D35927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8i:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0E0BBF-D0BE-41A7-B9BB-C28F01000BC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8j:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1365ED-4651-4AB2-A64B-43782EA2F0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8k:*:*:*:*:*:*:*",
"matchCriteriaId": "EC82690C-DCED-47BA-AA93-4D0C9E95B806",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8l:*:*:*:*:*:*:*",
"matchCriteriaId": "43B90ED1-DAB4-4239-8AD8-87E8D568D5D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8m:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9BF2DD-85EF-49CF-8D83-0DB46449E333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8n:*:*:*:*:*:*:*",
"matchCriteriaId": "86C46AB8-52E5-4385-9C5C-F63FF9DB82AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8o:*:*:*:*:*:*:*",
"matchCriteriaId": "564AA4E7-223E-48D8-B3E0-A461969CF530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8p:*:*:*:*:*:*:*",
"matchCriteriaId": "A82CFB41-BEA5-4B5F-BCAA-9BAED22EEAF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:0.9.8q:*:*:*:*:*:*:*",
"matchCriteriaId": "35C2AE06-B6E8-41C4-BB60-177AC4819CE6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0823F96-5158-4A55-BBB3-FA10868E9B6F",
"versionEndIncluding": "1.0.0e",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
"matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
"matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
"matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
},
{
"lang": "es",
"value": "La implementaci\u00f3n del servidor de criptograf\u00eda SGC en OpenSSL antes de v0.9.8s y en v1.x antes de v1.0.0f no controla correctamente los reinicios de \u0027handshake\u0027 (apret\u00f3n de manos), lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-4619",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-01-06T01:55:01.003",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"source": "secalert@redhat.com",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/48528"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/57353"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT5784"
},
{
"source": "secalert@redhat.com",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssl.org/news/secadv_20120104.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://aix.software.ibm.com/aix/efixes/security/openssl_advisory3.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=132750648501816\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=133728068926468\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=134039053214295\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48528"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/57353"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/737740"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.openssl.org/news/secadv_20120104.txt"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…