Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7529 (GCVE-0-2017-7529)
Vulnerability from cvelistv5 – Published: 2017-07-13 13:00 – Updated: 2024-09-16 18:39
VLAI?
EPSS
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:04:11.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "nginx",
"vendor": "nginx",
"versions": [
{
"status": "affected",
"version": "0.5.6 - 1.13.2"
}
]
}
],
"datePublic": "2017-07-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-21T23:07:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-7529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx",
"version": {
"version_data": [
{
"version_value": "0.5.6 - 1.13.2"
}
]
}
}
]
},
"vendor_name": "nginx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2017-7529",
"datePublished": "2017-07-13T13:00:00.000Z",
"dateReserved": "2017-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:39:56.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2020-AVI-290
Vulnerability from certfr_avis - Published: 2020-05-14 - Updated: 2020-05-18
De multiples vulnérabilités ont été découvertes dans Palo Alto PAN-OS et GlobalProtect. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Palo Alto Networks | PAN-OS | GlobalProtect versions 5.1.x antérieures à 5.1.2 sur Windows et MacOS | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 8.x antérieures à 8.1.14 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.1.x antérieures à 9.1.2 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 7.1.x antérieures à 7.1.26 | ||
| Palo Alto Networks | PAN-OS | PAN-OS versions 9.0.x antérieures à 9.0.8 | ||
| Palo Alto Networks | PAN-OS | GlobalProtect versions 5.0.x antérieures à 5.0.9 sur Windows et MacOS |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "GlobalProtect versions 5.1.x ant\u00e9rieures \u00e0 5.1.2 sur Windows et MacOS",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 8.x ant\u00e9rieures \u00e0 8.1.14",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.1.x ant\u00e9rieures \u00e0 9.1.2",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 7.1.x ant\u00e9rieures \u00e0 7.1.26",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "PAN-OS versions 9.0.x ant\u00e9rieures \u00e0 9.0.8",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
},
{
"description": "GlobalProtect versions 5.0.x ant\u00e9rieures \u00e0 5.0.9 sur Windows et MacOS",
"product": {
"name": "PAN-OS",
"vendor": {
"name": "Palo Alto Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-2002",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2002"
},
{
"name": "CVE-2020-2006",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2006"
},
{
"name": "CVE-2020-2015",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2015"
},
{
"name": "CVE-2020-2001",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2001"
},
{
"name": "CVE-2020-1994",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1994"
},
{
"name": "CVE-2020-1996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1996"
},
{
"name": "CVE-2013-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0337"
},
{
"name": "CVE-2020-2007",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2007"
},
{
"name": "CVE-2020-2009",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2009"
},
{
"name": "CVE-2020-2012",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2012"
},
{
"name": "CVE-2020-2013",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2013"
},
{
"name": "CVE-2016-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
},
{
"name": "CVE-2020-2014",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2014"
},
{
"name": "CVE-2020-2017",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2017"
},
{
"name": "CVE-2020-2008",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2008"
},
{
"name": "CVE-2020-2010",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2010"
},
{
"name": "CVE-2020-1997",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1997"
},
{
"name": "CVE-2020-1993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1993"
},
{
"name": "CVE-2020-2005",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2005"
},
{
"name": "CVE-2020-1998",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1998"
},
{
"name": "CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
},
{
"name": "CVE-2020-2003",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2003"
},
{
"name": "CVE-2020-1995",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1995"
},
{
"name": "CVE-2020-2018",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2018"
},
{
"name": "CVE-2020-2004",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2004"
}
],
"initial_release_date": "2020-05-14T00:00:00",
"last_revision_date": "2020-05-18T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-290",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-05-14T00:00:00.000000"
},
{
"description": "Retrait des liens Mitre en double.",
"revision_date": "2020-05-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Palo Alto PAN-OS et\nGlobalProtect. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Palo Alto PAN-OS et GlobalProtect",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1998 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1998"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2010 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2010"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1994 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1994"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2002 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2002"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2014 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2014"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1997 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1997"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2012 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2012"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2009 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2009"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1996 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1996"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2013 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2013"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2017 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2017"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2017-7529 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2017-7529"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2008 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2008"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2004 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2004"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2007 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2007"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1993 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1993"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2015 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2015"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2003 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2003"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2005 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2005"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2006 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2006"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2018 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2018"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-1995 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-1995"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Palo Alto CVE-2020-2001 du 13 mai 2020",
"url": "https://security.paloaltonetworks.com/CVE-2020-2001"
}
]
}
CERTFR-2024-AVI-0866
Vulnerability from certfr_avis - Published: 2024-10-10 - Updated: 2024-10-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions suivantes de Junos OS et Junos OS Evolved sont à paraître : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos Space 24.1R1 sans le correctif de sécurité Patch V1 et V2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space 24.1R1 sans le correctif de s\u00e9curit\u00e9 Patch V1 et V2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "Les versions suivantes de Junos OS et Junos OS Evolved sont \u00e0 para\u00eetre : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2016-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1247"
},
{
"name": "CVE-2024-47501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47501"
},
{
"name": "CVE-2024-47496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47496"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2024-47493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47493"
},
{
"name": "CVE-2024-39515",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39515"
},
{
"name": "CVE-2021-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2023-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39525",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39525"
},
{
"name": "CVE-2024-47498",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47498"
},
{
"name": "CVE-2016-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2017-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20005"
},
{
"name": "CVE-2024-39544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39544"
},
{
"name": "CVE-2016-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
},
{
"name": "CVE-2023-0568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
},
{
"name": "CVE-2024-47489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47489"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2024-47494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47494"
},
{
"name": "CVE-2024-39534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39534"
},
{
"name": "CVE-2024-47499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47499"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2024-39526",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39526"
},
{
"name": "CVE-2024-39547",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39547"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47495"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2016-0747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2024-47490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47490"
},
{
"name": "CVE-2018-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
},
{
"name": "CVE-2024-47491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47491"
},
{
"name": "CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
},
{
"name": "CVE-2024-39527",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39527"
},
{
"name": "CVE-2024-39563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39563"
},
{
"name": "CVE-2024-47502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47502"
},
{
"name": "CVE-2024-39516",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39516"
},
{
"name": "CVE-2024-47503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47503"
},
{
"name": "CVE-2023-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
},
{
"name": "CVE-2024-47506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47506"
},
{
"name": "CVE-2023-0662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2016-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
},
{
"name": "CVE-2024-47504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47504"
},
{
"name": "CVE-2023-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-47507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47507"
},
{
"name": "CVE-2024-47497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47497"
}
],
"initial_release_date": "2024-10-10T00:00:00",
"last_revision_date": "2024-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0866",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88112",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88121",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88104",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88107",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88105",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88134",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88123",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88128",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88106",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88136",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88110",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88122",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88124",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88111",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88108",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88100",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88131",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88099",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88135",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88102",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88116",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88097",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88133",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88137",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506"
},
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88119",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88103",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88138",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88129",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88115",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88120",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88132",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502"
}
]
}
CERTFR-2017-AVI-211
Vulnerability from certfr_avis - Published: 2017-07-12 - Updated: 2017-07-12
Une vulnérabilité a été corrigée dans Nginx. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Nginx versions 0.5.6 à 1.13.2
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eNginx versions 0.5.6 \u00e0 1.13.2\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
}
],
"initial_release_date": "2017-07-12T00:00:00",
"last_revision_date": "2017-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-211",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan class=\"textit\"\u003eNginx\u003c/span\u003e.\nElle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nginx",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nginx du 11 juillet 2017",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
}
]
}
CERTFR-2021-AVI-719
Vulnerability from certfr_avis - Published: 2021-09-21 - Updated: 2021-09-21
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Apple | N/A | tvOS versions antérieures à 15.0 | ||
| Apple | N/A | iTunes pour Windows versions antérieures à 12.12 | ||
| Apple | N/A | Xcode versions antérieures à 13.0 | ||
| Apple | N/A | iPadOS versions antérieures à 15.0 | ||
| Apple | N/A | watchOS versions antérieures à 8.0 | ||
| Apple | N/A | iOS versions antérieures à 15.0 | ||
| Apple | Safari | Safari versions antérieures à 15.0 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "tvOS versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iTunes pour Windows versions ant\u00e9rieures \u00e0 12.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Xcode versions ant\u00e9rieures \u00e0 13.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iPadOS versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "watchOS versions ant\u00e9rieures \u00e0 8.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "Safari versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "Safari",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30850",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30850"
},
{
"name": "CVE-2021-30849",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30849"
},
{
"name": "CVE-2021-30841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30841"
},
{
"name": "CVE-2018-16844",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16844"
},
{
"name": "CVE-2021-30811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30811"
},
{
"name": "CVE-2021-30837",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30837"
},
{
"name": "CVE-2016-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
},
{
"name": "CVE-2021-30847",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30847"
},
{
"name": "CVE-2021-30835",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30835"
},
{
"name": "CVE-2018-16843",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16843"
},
{
"name": "CVE-2021-30855",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30855"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2016-0747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
},
{
"name": "CVE-2021-30826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30826"
},
{
"name": "CVE-2021-30846",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30846"
},
{
"name": "CVE-2021-30848",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30848"
},
{
"name": "CVE-2021-30854",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30854"
},
{
"name": "CVE-2018-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
},
{
"name": "CVE-2021-30810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30810"
},
{
"name": "CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
},
{
"name": "CVE-2021-30819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30819"
},
{
"name": "CVE-2021-30863",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30863"
},
{
"name": "CVE-2021-30815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30815"
},
{
"name": "CVE-2021-30825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30825"
},
{
"name": "CVE-2021-30857",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30857"
},
{
"name": "CVE-2021-30838",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30838"
},
{
"name": "CVE-2016-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
},
{
"name": "CVE-2021-30851",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30851"
},
{
"name": "CVE-2013-0340",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0340"
},
{
"name": "CVE-2021-30842",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30842"
},
{
"name": "CVE-2021-30843",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30843"
}
],
"initial_release_date": "2021-09-21T00:00:00",
"last_revision_date": "2021-09-21T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212817 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212817"
}
],
"reference": "CERTFR-2021-AVI-719",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212818 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212818"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212819 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212819"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212816 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212816"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212817 du 20 septembre 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212814 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212814"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212815 du 20 septembre 2021",
"url": "https://support.apple.com/en-us/HT212815"
}
]
}
CNVD-2017-22747
Vulnerability from cnvd - Published: 2017-08-24
VLAI Severity ?
Title
Nginx远程整数溢出漏洞
Description
Nginx是一款使用非常广泛的高性能web服务器。
Nginx范围过滤器模块中存在整数溢出漏洞,允许远程攻击者利用漏洞提交特殊的请求,获取敏感信息或使应用程序崩溃。
Severity
中
Patch Name
Nginx远程整数溢出漏洞的补丁
Patch Description
Nginx是一款使用非常广泛的高性能web服务器。
Nginx范围过滤器模块中存在整数溢出漏洞,允许远程攻击者利用漏洞提交特殊的请求,获取敏感信息或使应用程序崩溃。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下厂商提供的安全补丁以修复该漏洞: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Reference
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html?_ga=2.6442610.1505586350.1499790303-541040954.1498583113&from=groupmessage&isappinstalled=0
Impacted products
| Name | Nginx Nginx |
|---|
{
"bids": {
"bid": {
"bidNumber": "99534"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-7529"
}
},
"description": "Nginx\u662f\u4e00\u6b3e\u4f7f\u7528\u975e\u5e38\u5e7f\u6cdb\u7684\u9ad8\u6027\u80fdweb\u670d\u52a1\u5668\u3002\r\n\r\nNginx\u8303\u56f4\u8fc7\u6ee4\u5668\u6a21\u5757\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002",
"discovererName": "Nginx",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-22747",
"openTime": "2017-08-24",
"patchDescription": "Nginx\u662f\u4e00\u6b3e\u4f7f\u7528\u975e\u5e38\u5e7f\u6cdb\u7684\u9ad8\u6027\u80fdweb\u670d\u52a1\u5668\u3002\r\n\r\nNginx\u8303\u56f4\u8fc7\u6ee4\u5668\u6a21\u5757\u4e2d\u5b58\u5728\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u7684\u8bf7\u6c42\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u4f7f\u5e94\u7528\u7a0b\u5e8f\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Nginx\u8fdc\u7a0b\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Nginx Nginx"
},
"referenceLink": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html?_ga=2.6442610.1505586350.1499790303-541040954.1498583113\u0026from=groupmessage\u0026isappinstalled=0",
"serverity": "\u4e2d",
"submitTime": "2017-07-12",
"title": "Nginx\u8fdc\u7a0b\u6574\u6570\u6ea2\u51fa\u6f0f\u6d1e"
}
cleanstart-2026-zt77083
Vulnerability from cleanstart
Published
2026-02-18 00:40
Modified
2026-02-17 14:16
Summary
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers
Details
Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZT77083",
"modified": "2026-02-17T14:16:07Z",
"published": "2026-02-18T00:40:43.959662Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZT77083.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16845"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-20372"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46461"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46463"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3638"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41741"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41742"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31079"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-32760"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-34161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-35200"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7347"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-23419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46461"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46463"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3638"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31079"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32760"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35200"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers",
"upstream": [
"CVE-2017-7529",
"CVE-2018-16845",
"CVE-2019-20372",
"CVE-2019-9511",
"CVE-2019-9513",
"CVE-2019-9516",
"CVE-2021-23017",
"CVE-2021-46461",
"CVE-2021-46462",
"CVE-2021-46463",
"CVE-2022-25139",
"CVE-2022-3638",
"CVE-2022-41741",
"CVE-2022-41742",
"CVE-2023-44487",
"CVE-2024-31079",
"CVE-2024-32760",
"CVE-2024-34161",
"CVE-2024-35200",
"CVE-2024-7347",
"CVE-2025-23419"
]
}
FKIE_CVE-2017-7529
Vulnerability from fkie_nvd - Published: 2017-07-13 13:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | Vendor Advisory | |
| secalert@redhat.com | http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List, Third Party Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/99534 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | http://www.securitytracker.com/id/1039238 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2017:2538 | Third Party Advisory | |
| secalert@redhat.com | https://puppet.com/security/cve/cve-2017-7529 | Third Party Advisory | |
| secalert@redhat.com | https://support.apple.com/kb/HT212818 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2021/Sep/36 | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99534 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039238 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2017:2538 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://puppet.com/security/cve/cve-2017-7529 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT212818 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx | * | |
| f5 | nginx | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| puppet | puppet_enterprise | * | |
| apple | xcode | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19034A4-1211-4A40-A2D3-2A9F87770081",
"versionEndIncluding": "1.12.1",
"versionStartIncluding": "0.5.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA59CB1C-4A69-4593-9D22-9B45FCA70490",
"versionEndIncluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7ABD977-A333-473B-806D-32ECD7909B35",
"versionEndExcluding": "2016.4.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15CC6F3C-8DA8-4CE0-8E9A-057A0F55DEE4",
"versionEndIncluding": "2017.1.1",
"versionStartIncluding": "2017.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38CBF065-5219-463A-9677-86088D761584",
"versionEndIncluding": "2017.2.3",
"versionStartIncluding": "2017.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BB279F6B-EE4C-4885-9CD4-657F6BD2548F",
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
},
{
"lang": "es",
"value": "Las versiones desde la 0.5.6 hasta 1.13.2 incluy\u00e9ndola de Nginx, son susceptibles a una vulnerabilidad de desbordamiento de enteros en el m\u00f3dulo filtro de rango de nginx, resultando en un filtrado de informaci\u00f3n potencialmente confidencial activada por una petici\u00f3n especialmente creada."
}
],
"id": "CVE-2017-7529",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-13T13:29:00.220",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-85MJ-H68W-W736
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04
VLAI?
Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Severity ?
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2017-7529"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-13T13:29:00Z",
"severity": "HIGH"
},
"details": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GHSA-85mj-h68w-w736",
"modified": "2022-05-13T01:04:15Z",
"published": "2022-05-13T01:04:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"type": "WEB",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"type": "WEB",
"url": "https://support.apple.com/kb/HT212818"
},
{
"type": "WEB",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039238"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2017-7529
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-7529",
"description": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GSD-2017-7529",
"references": [
"https://www.suse.com/security/cve/CVE-2017-7529.html",
"https://www.debian.org/security/2017/dsa-3908",
"https://access.redhat.com/errata/RHSA-2017:2538",
"https://ubuntu.com/security/CVE-2017-7529",
"https://advisories.mageia.org/CVE-2017-7529.html",
"https://security.archlinux.org/CVE-2017-7529",
"https://alas.aws.amazon.com/cve/html/CVE-2017-7529.html",
"https://linux.oracle.com/cve/CVE-2017-7529.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-7529"
],
"details": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request.",
"id": "GSD-2017-7529",
"modified": "2023-12-13T01:21:06.911859Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-7529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx",
"version": {
"version_data": [
{
"version_value": "0.5.6 - 1.13.2"
}
]
}
}
]
},
"vendor_name": "nginx"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "99534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12.1",
"versionStartIncluding": "0.5.6",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017.1.1",
"versionStartIncluding": "2017.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2017.2.3",
"versionStartIncluding": "2017.2.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2016.4.7",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7529"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered by specially crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[nginx-announce] 20170711 nginx security advisory (CVE-2017-7529)",
"refsource": "MLIST",
"tags": [
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"
},
{
"name": "99534",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/99534"
},
{
"name": "1039238",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039238"
},
{
"name": "https://puppet.com/security/cve/cve-2017-7529",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://puppet.com/security/cve/cve-2017-7529"
},
{
"name": "RHSA-2017:2538",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2538"
},
{
"name": "https://support.apple.com/kb/HT212818",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.apple.com/kb/HT212818"
},
{
"name": "20210921 APPLE-SA-2021-09-20-4 Xcode 13",
"refsource": "FULLDISC",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Sep/36"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-01-24T16:46Z",
"publishedDate": "2017-07-13T13:29Z"
}
}
}
CVE-2017-7529
Vulnerability from fstec - Published: 11.07.2017
VLAI Severity ?
Title
Уязвимость модуля фильтра диапазона nginx HTTP-сервера nginx, позволяющая нарушителю раскрыть защищаемую информацию
Description
Уязвимость модуля фильтра диапазона nginx HTTP-сервера nginx вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть защищаемую информацию с помощью специально созданного запроса
Severity ?
Vendor
NGINX Inc.
Software Name
nginx
Software Version
от 0.5.6 до 1.12.1 включительно (nginx), от 1.13.0 до 1.13.2 включительно (nginx)
Possible Mitigations
Использование рекомендаций:
Для nginx:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
Reference
https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
https://nvd.nist.gov/vuln/detail/CVE-2017-7529
CWE
CWE-190
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "NGINX Inc.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 0.5.6 \u0434\u043e 1.12.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (nginx), \u043e\u0442 1.13.0 \u0434\u043e 1.13.2 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (nginx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f nginx:\nhttp://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "11.07.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.03.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "15.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03045",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-7529",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "nginx",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 nginx HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 nginx, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0426\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0438\u043b\u0438 \u0446\u0438\u043a\u043b\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0441\u0434\u0432\u0438\u0433 (CWE-190)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0434\u0443\u043b\u044f \u0444\u0438\u043b\u044c\u0442\u0440\u0430 \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430 nginx HTTP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 nginx \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-7529",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-190",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…