Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-23017 (GCVE-0-2021-23017)
Vulnerability from cvelistv5 – Published: 2021-06-01 12:28 – Updated: 2024-08-03 18:58
VLAI?
EPSS
Summary
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | Nginx Web Server, Nginx Plus |
Affected:
Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:58:26.413Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K12331123%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "FEDORA-2021-b37cffac0d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"name": "FEDORA-2021-393d698493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Nginx Web Server, Nginx Plus",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T15:06:16.000Z",
"orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"shortName": "f5"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.f5.com/csp/article/K12331123%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "FEDORA-2021-b37cffac0d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"name": "FEDORA-2021-393d698493",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2021-23017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nginx Web Server, Nginx Plus",
"version": {
"version_data": [
{
"version_value": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K12331123,",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K12331123,"
},
{
"name": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
"refsource": "MISC",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "FEDORA-2021-b37cffac0d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"name": "FEDORA-2021-393d698493",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210708-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
"assignerShortName": "f5",
"cveId": "CVE-2021-23017",
"datePublished": "2021-06-01T12:28:09.000Z",
"dateReserved": "2021-01-06T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:58:26.413Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2024-AVI-0866
Vulnerability from certfr_avis - Published: 2024-10-10 - Updated: 2024-10-10
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Les versions suivantes de Junos OS et Junos OS Evolved sont à paraître : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions antérieures à 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO | ||
| Juniper Networks | N/A | Junos Space 24.1R1 sans le correctif de sécurité Patch V1 et V2 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S1, 21.2R3-S7, 21.2R3-S8, 21.3R3, 21.3R3-S1, 21.4R2, 21.4R3, 21.4R3-S6, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.1R1, 22.1R2, 22.1R3-S5, 22.1R3-S6, 22.2R1-S2, 22.2R2, 22.2R3-S3, 22.2R3-S4, 22.2R3-S5, 22.3R1, 22.3R3-S2, 22.3R3-S3, 22.3R3-S4, 22.4R3, 22.4R3-S2, 22.4R3-S3, 22.4R3-S4, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S2, 23.4R1, 23.4R1-S2, 23.4R2, 23.4R2-S1, 24.1R1, 24.2R1, 24.2R1-S1 et 24.2R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S9-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 21.4R3-S8-EVO, 21.4R3-S9-EVO, 22.1R3-S5-EVO, 22.1R3-S6-EVO, 22.2R3-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.3R3-S4-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 22.4R3-S3-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S2-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S1-EVO, 24.2R1-EVO, 24.2R1-EVO et 24.2R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space 24.1R1 sans le correctif de s\u00e9curit\u00e9 Patch V1 et V2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "Les versions suivantes de Junos OS et Junos OS Evolved sont \u00e0 para\u00eetre : 22.2R3-S5, 22.3R3-S4, 24.2R2, 24.4R1, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 24.2R2-EVO et 24.4R1-EVO",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2016-1247",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1247"
},
{
"name": "CVE-2024-47501",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47501"
},
{
"name": "CVE-2024-47496",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47496"
},
{
"name": "CVE-2023-51385",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51385"
},
{
"name": "CVE-2024-47493",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47493"
},
{
"name": "CVE-2024-39515",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39515"
},
{
"name": "CVE-2021-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
},
{
"name": "CVE-2023-31124",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31124"
},
{
"name": "CVE-2023-3823",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3823"
},
{
"name": "CVE-2023-32067",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-32067"
},
{
"name": "CVE-2024-39525",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39525"
},
{
"name": "CVE-2024-47498",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47498"
},
{
"name": "CVE-2016-0746",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0746"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2017-20005",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-20005"
},
{
"name": "CVE-2024-39544",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39544"
},
{
"name": "CVE-2016-4450",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4450"
},
{
"name": "CVE-2023-0568",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0568"
},
{
"name": "CVE-2024-47489",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47489"
},
{
"name": "CVE-2022-41741",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41741"
},
{
"name": "CVE-2024-47494",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47494"
},
{
"name": "CVE-2024-39534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39534"
},
{
"name": "CVE-2024-47499",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47499"
},
{
"name": "CVE-2022-41742",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41742"
},
{
"name": "CVE-2024-39526",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39526"
},
{
"name": "CVE-2024-39547",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39547"
},
{
"name": "CVE-2023-31147",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31147"
},
{
"name": "CVE-2024-47495",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47495"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2016-0747",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0747"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2024-47490",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47490"
},
{
"name": "CVE-2018-16845",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16845"
},
{
"name": "CVE-2024-47491",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47491"
},
{
"name": "CVE-2017-7529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7529"
},
{
"name": "CVE-2024-39527",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39527"
},
{
"name": "CVE-2024-39563",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39563"
},
{
"name": "CVE-2024-47502",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47502"
},
{
"name": "CVE-2024-39516",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39516"
},
{
"name": "CVE-2024-47503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47503"
},
{
"name": "CVE-2023-0567",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0567"
},
{
"name": "CVE-2024-47506",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47506"
},
{
"name": "CVE-2023-0662",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0662"
},
{
"name": "CVE-2024-4741",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
},
{
"name": "CVE-2016-0742",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0742"
},
{
"name": "CVE-2024-47504",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47504"
},
{
"name": "CVE-2023-3824",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-3824"
},
{
"name": "CVE-2023-31130",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-31130"
},
{
"name": "CVE-2024-2511",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
},
{
"name": "CVE-2024-47507",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47507"
},
{
"name": "CVE-2024-47497",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47497"
}
],
"initial_release_date": "2024-10-10T00:00:00",
"last_revision_date": "2024-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0866",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88112",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-c-ares-1-18-1"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88121",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Due-to-a-race-condition-AgentD-process-causes-a-memory-corruption-and-FPC-reset-CVE-2024-47494"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88104",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-Low-privileged-user-able-to-access-sensitive-information-on-file-system-CVE-2024-39527"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88107",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-resolved-in-OpenSSL"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88105",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Connections-to-the-network-and-broadcast-address-accepted-CVE-2024-39534"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88134",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5000-Series-Receipt-of-a-specific-malformed-packet-will-cause-a-flowd-crash-CVE-2024-47504"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88123",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX-Series-The-PFE-will-crash-on-running-specific-command-CVE-2024-47496"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88128",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-QFX5000-Series-Configured-MAC-learning-and-move-limits-are-not-in-effect-CVE-2024-47498"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88106",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Low-privileged-local-user-able-to-view-NETCONF-traceoptions-files-CVE-2024-39544"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88136",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-Specific-low-privileged-CLI-commands-and-SNMP-GET-requests-can-trigger-a-resource-leak"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88110",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-Remote-Command-Execution-RCE-vulnerability-in-web-application-CVE-2024-39563"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88122",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-In-a-dual-RE-scenario-a-locally-authenticated-attacker-with-shell-privileges-can-take-over-the-device-CVE-2024-47495"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88124",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-QFX-Series-MX-Series-and-EX-Series-Receiving-specific-HTTPS-traffic-causes-resource-exhaustion-CVE-2024-47497"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88111",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-Series-Receipt-of-specific-transit-protocol-packets-is-incorrectly-processed-by-the-RE-CVE-2024-47489"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88108",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-cRPD-Receipt-of-crafted-TCP-traffic-can-trigger-high-CPU-utilization-CVE-2024-39547"
},
{
"published_at": "2024-10-16",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88100",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specifically-malformed-BGP-packet-causes-RPD-crash-when-segment-routing-is-enabled-CVE-2024-39516"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88131",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-MX304-MX-with-MPC10-11-LC9600-and-EX9200-with-EX9200-15C-In-a-VPLS-or-Junos-Fusion-scenario-specific-show-commands-cause-an-FPC-crash-CVE-2024-47501"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88099",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-traceoptions-enabled-receipt-of-specially-crafted-BGP-update-causes-RPD-crash-CVE-2024-39515"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88135",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-OSS-component-nginx-resolved"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88102",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-nexthop-traceoptions-is-enabled-receipt-of-specially-crafted-BGP-packet-causes-RPD-crash-CVE-2024-39525"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88116",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-malformed-BGP-path-attribute-leads-to-an-RPD-crash-CVE-2024-47491"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88097",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-Space-OS-command-injection-vulnerability-in-OpenSSH-CVE-2023-51385"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88133",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX4600-and-SRX5000-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2024-47503"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88137",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX-Series-A-large-amount-of-traffic-being-processed-by-ATP-Cloud-can-lead-to-a-PFE-crash-CVE-2024-47506"
},
{
"published_at": "2024-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88119",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-SRX5K-SRX4600-and-MX-Series-Trio-based-FPCs-Continuous-physical-interface-flaps-causes-local-FPC-to-crash-CVE-2024-47493"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88103",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-MX-Series-with-MPC10-MPC11-LC9600-MX304-EX9200-PTX-Series-Receipt-of-malformed-DHCP-packets-causes-interfaces-to-stop-processing-packets-CVE-2024-39526"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88138",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-message-containing-aggregator-attribute-with-an-ASN-value-of-zero-0-is-accepted-CVE-2024-47507"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88129",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-a-BMP-scenario-receipt-of-a-malformed-AS-PATH-attribute-can-cause-an-RPD-core-CVE-2024-47499"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88115",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-ACX-7000-Series-Receipt-of-specific-transit-MPLS-packets-causes-resources-to-be-exhausted-CVE-2024-47490"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88120",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-J-Web-Multiple-vulnerabilities-resolved-in-PHP-software"
},
{
"published_at": "2024-10-09",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA88132",
"url": "https://supportportal.juniper.net/s/article/2024-10-Security-Bulletin-Junos-OS-Evolved-TCP-session-state-is-not-always-cleared-on-the-Routing-Engine-CVE-2024-47502"
}
]
}
CERTFR-2022-AVI-351
Vulnerability from certfr_avis - Published: 2022-04-15 - Updated: 2022-04-15
De multiples vulnérabilités ont été découvertes dans les logiciels Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Networking versions antérieures à 2011.L4 et 21.3 | ||
| Juniper Networks | N/A | JIMS versions antérieures à 1.4.0 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.3.x | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.4.x anttérieures à 7.4.2 FixPack 2 | ||
| Juniper Networks | Secure Analytics | Secure Analytics versions 7.3.x antérieures à 7.3.3 FixPack 7 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.1.x | ||
| Juniper Networks | N/A | Contrail Service Orchestration versions 6.0.x antérieures à 6.0.0 Patch v3 | ||
| Juniper Networks | N/A | Paragon Active Assurance versions 3.2.x |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Networking versions ant\u00e9rieures \u00e0 2011.L4 et 21.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "JIMS versions ant\u00e9rieures \u00e0 1.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.4.x antt\u00e9rieures \u00e0 7.4.2 FixPack 2",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Secure Analytics versions 7.3.x ant\u00e9rieures \u00e0 7.3.3 FixPack 7",
"product": {
"name": "Secure Analytics",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.1.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contrail Service Orchestration versions 6.0.x ant\u00e9rieures \u00e0 6.0.0 Patch v3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Paragon Active Assurance versions 3.2.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-34552",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34552"
},
{
"name": "CVE-2020-7774",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7774"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2021-25289",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25289"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2021-3560",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3560"
},
{
"name": "CVE-2015-8315",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8315"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2022-22190",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22190"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2021-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31597"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2022-22189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22189"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2020-35654",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35654"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-22187",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22187"
}
],
"initial_release_date": "2022-04-15T00:00:00",
"last_revision_date": "2022-04-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-351",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les logiciels\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les logiciels Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69504 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Juniper-Secure-Analytics-JSA-Series-Heap-Based-Buffer-Overflow-in-Sudo-CVE-2021-3156?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69495 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-JIMS-Local-Privilege-Escalation-vulnerability-via-repair-functionality-CVE-2022-22187?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69506 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Local-Privilege-Escalation-in-polkits-pkexec-CVE-2021-4034?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69498 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Service-Orchestration-An-authenticated-local-user-may-have-their-permissions-elevated-via-the-device-via-management-interface-without-authentication-CVE-2022-22189?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69507 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-3-CVE-yyyy-nnnn?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69500 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Paragon-Active-Assurance-Control-Center-Information-disclosure-vulnerability-in-crafted-URL-CVE-2022-22190?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69510 du 13 avril 2022",
"url": "https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-release-2011-L4?language=en_US"
}
]
}
CERTFR-2023-AVI-0051
Vulnerability from certfr_avis - Published: 2023-01-23 - Updated: 2023-01-23
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | NorthStar Controller versions antérieures à 6.2.3 | ||
| Juniper Networks | N/A | Contrail Cloud versions antérieures à 13.7.0 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO | ||
| Juniper Networks | N/A | Juniper Networks Contrail Service Orchestration (CSO) versions antérieures à 6.3.0 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.3R1 | ||
| Juniper Networks | N/A | Cloud Native Contrail Networking versions antérieures à R22.3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NorthStar Controller versions ant\u00e9rieures \u00e0 6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Contrail Cloud versions ant\u00e9rieures \u00e0 13.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.2R3-EVO, 19.3R3-EVO, 19.4R3-EVO, 20.1R3-EVO, 20.2R2-EVO, 20.3R1-EVO, 20.4R2-EVO, 20.4R3-S3-EVO, 20.4R3-S4-EVO, 21.1R2-EVO, 21.2R1-EVO, 21.2R3-S4-EVO, 21.3R2-EVO, 21.3R3-EVO, 21.3R3-S1-EVO, 21.4R1-EVO, 21.4R2-EVO, 21.4R2-S1-EVO, 21.4R2-S2-EVO, 21.4R3-EVO, 22.1R1-EVO, 22.1R1-S2-EVO, 22.1R2-EVO, 22.1R3-EVO, 22.2R1-EVO, 22.2R1-S1-EVO, 22.2R2-EVO et 22.3R1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 15.1R7-S12, 18.4R2-S7, 19.1R3-S2, 19.1R3-S9, 19.2R1-S9, 19.2R3, 19.2R3-S5, 19.2R3-S6, 19.3R3, 19.3R3-S6, 19.3R3-S7, 19.4R2-S7, 19.4R2-S8, 19.4R3, 19.4R3-S10, 19.4R3-S8, 19.4R3-S9, 20.1R2, 20.1R3-S4, 20.2R2, 20.2R3-S5, 20.2R3-S6, 20.2R3-S7, 20.3R1, 20.3R3-S4, 20.3R3-S5, 20.3R3-S6, 20.4R1, 20.4R3-S3, 20.4R3-S4, 20.4R3-S5, 21.1R1-S1, 21.1R2, 21.1R3, 21.1R3-S3, 21.1R3-S4, 21.1R3-S5, 21.2R1, 21.2R3, 21.2R3-S1, 21.2R3-S2, 21.2R3-S3, 21.3R2, 21.3R3, 21.3R3-S1, 21.3R3-S2, 21.3R3-S3, 21.4R2, 21.4R2-S1, 21.4R2-S2, 21.4R3, 21.4R3-S1, 21.4R3-S2, 22.1R1, 22.1R1-S2, 22.1R2, 22.1R2-S1, 22.1R2-S2, 22.1R3, 22.1R3-S1, 22.2R1, 22.2R1-S1, 22.2R1-S2, 22.2R2, 22.2R3, 22.3R1, 22.3R1-S1, 22.3R2 et 22.4R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.3R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Cloud Native Contrail Networking versions ant\u00e9rieures \u00e0 R22.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-40085",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40085"
},
{
"name": "CVE-2022-1473",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2023-22403",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22403"
},
{
"name": "CVE-2020-8696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8696"
},
{
"name": "CVE-2020-14803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14803"
},
{
"name": "CVE-2023-22393",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22393"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2021-45960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
},
{
"name": "CVE-2023-22407",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22407"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2023-22394",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22394"
},
{
"name": "CVE-2020-8695",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8695"
},
{
"name": "CVE-2021-30465",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30465"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2023-22404",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22404"
},
{
"name": "CVE-2020-14562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14562"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2021-33034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33034"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2021-2163",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2163"
},
{
"name": "CVE-2023-22405",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22405"
},
{
"name": "CVE-2022-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
},
{
"name": "CVE-2021-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2161"
},
{
"name": "CVE-2021-2341",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2341"
},
{
"name": "CVE-2020-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0466"
},
{
"name": "CVE-2021-26691",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26691"
},
{
"name": "CVE-2021-27219",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27219"
},
{
"name": "CVE-2022-38178",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38178"
},
{
"name": "CVE-2023-22409",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22409"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2021-2160",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2160"
},
{
"name": "CVE-2023-22416",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22416"
},
{
"name": "CVE-2020-14797",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14797"
},
{
"name": "CVE-2020-14798",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14798"
},
{
"name": "CVE-2021-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29154"
},
{
"name": "CVE-2020-15778",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15778"
},
{
"name": "CVE-2007-6755",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-6755"
},
{
"name": "CVE-2022-21299",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21299"
},
{
"name": "CVE-2022-38177",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-38177"
},
{
"name": "CVE-2021-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2180"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2021-2385",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2385"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2022-21624",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21624"
},
{
"name": "CVE-2021-2194",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2194"
},
{
"name": "CVE-2022-21305",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21305"
},
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2020-14792",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14792"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2022-25315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
},
{
"name": "CVE-2022-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
},
{
"name": "CVE-2018-8046",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8046"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2021-2202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2202"
},
{
"name": "CVE-2023-22402",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22402"
},
{
"name": "CVE-2022-21626",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21626"
},
{
"name": "CVE-2021-3450",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3450"
},
{
"name": "CVE-2020-14781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14781"
},
{
"name": "CVE-2021-2307",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2307"
},
{
"name": "CVE-2023-22400",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22400"
},
{
"name": "CVE-2021-27363",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27363"
},
{
"name": "CVE-2022-21366",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21366"
},
{
"name": "CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2021-3573",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3573"
},
{
"name": "CVE-2022-21291",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21291"
},
{
"name": "CVE-2021-39275",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
},
{
"name": "CVE-2021-27364",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27364"
},
{
"name": "CVE-2021-2146",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2146"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2021-2432",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2432"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2021-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2174"
},
{
"name": "CVE-2020-0549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0549"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2022-23852",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
},
{
"name": "CVE-2022-2526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-2526"
},
{
"name": "CVE-2020-12364",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12364"
},
{
"name": "CVE-2022-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
},
{
"name": "CVE-2021-4083",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4083"
},
{
"name": "CVE-2023-22397",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22397"
},
{
"name": "CVE-2020-14796",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14796"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-0330",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0330"
},
{
"name": "CVE-2019-1543",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1543"
},
{
"name": "CVE-2021-2389",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2389"
},
{
"name": "CVE-2020-8698",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2021-27365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27365"
},
{
"name": "CVE-2020-8648",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8648"
},
{
"name": "CVE-2022-21628",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21628"
},
{
"name": "CVE-2022-25235",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
},
{
"name": "CVE-2020-27170",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27170"
},
{
"name": "CVE-2023-22399",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22399"
},
{
"name": "CVE-2021-2369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2369"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2021-2390",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2390"
},
{
"name": "CVE-2021-2144",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2144"
},
{
"name": "CVE-2022-32250",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32250"
},
{
"name": "CVE-2021-2154",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2154"
},
{
"name": "CVE-2023-22398",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22398"
},
{
"name": "CVE-2021-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2020-14581",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14581"
},
{
"name": "CVE-2020-12363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12363"
},
{
"name": "CVE-2021-2162",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2162"
},
{
"name": "CVE-2021-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2388"
},
{
"name": "CVE-2023-22401",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22401"
},
{
"name": "CVE-2022-22942",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22942"
},
{
"name": "CVE-2023-22396",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22396"
},
{
"name": "CVE-2021-2171",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2171"
},
{
"name": "CVE-2021-34798",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
},
{
"name": "CVE-2020-24489",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24489"
},
{
"name": "CVE-2023-22417",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22417"
},
{
"name": "CVE-2021-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2178"
},
{
"name": "CVE-2020-14573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14573"
},
{
"name": "CVE-2022-21365",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21365"
},
{
"name": "CVE-2020-24513",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24513"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
},
{
"name": "CVE-2022-21283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21283"
},
{
"name": "CVE-2022-21449",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21449"
},
{
"name": "CVE-2022-1271",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1271"
},
{
"name": "CVE-2021-22543",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22543"
},
{
"name": "CVE-2020-14782",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14782"
},
{
"name": "CVE-2020-35498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35498"
},
{
"name": "CVE-2023-22406",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22406"
},
{
"name": "CVE-2021-33909",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33909"
},
{
"name": "CVE-2020-27827",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27827"
},
{
"name": "CVE-2023-22391",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22391"
},
{
"name": "CVE-2019-20934",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20934"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2021-29650",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29650"
},
{
"name": "CVE-2021-3715",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3715"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2021-4155",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4155"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2023-22412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22412"
},
{
"name": "CVE-2021-3564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3564"
},
{
"name": "CVE-2021-3621",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3621"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2021-3156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3156"
},
{
"name": "CVE-2022-21294",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21294"
},
{
"name": "CVE-2021-3752",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3752"
},
{
"name": "CVE-2023-22415",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22415"
},
{
"name": "CVE-2022-29154",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29154"
},
{
"name": "CVE-2020-14779",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14779"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2022-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0492"
},
{
"name": "CVE-2022-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2007-2285",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2285"
},
{
"name": "CVE-2020-28196",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28196"
},
{
"name": "CVE-2020-12362",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12362"
},
{
"name": "CVE-2021-22555",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22555"
},
{
"name": "CVE-2022-21341",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21341"
},
{
"name": "CVE-2021-3347",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3347"
},
{
"name": "CVE-2022-25236",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
},
{
"name": "CVE-2022-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
},
{
"name": "CVE-2021-37576",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37576"
},
{
"name": "CVE-2020-26137",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26137"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-2226",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2226"
},
{
"name": "CVE-2023-22410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22410"
},
{
"name": "CVE-2021-0920",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-0920"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2023-22408",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22408"
},
{
"name": "CVE-2022-21340",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21340"
},
{
"name": "CVE-2021-2342",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2342"
},
{
"name": "CVE-2022-22720",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22720"
},
{
"name": "CVE-2022-21293",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21293"
},
{
"name": "CVE-2022-21549",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21549"
},
{
"name": "CVE-2020-14871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14871"
},
{
"name": "CVE-2022-21282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21282"
},
{
"name": "CVE-2022-21349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21349"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2021-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2179"
},
{
"name": "CVE-2021-3504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3504"
},
{
"name": "CVE-2021-2169",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2169"
},
{
"name": "CVE-2023-22414",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22414"
},
{
"name": "CVE-2022-21248",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21248"
},
{
"name": "CVE-2023-22411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22411"
},
{
"name": "CVE-2020-14145",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14145"
},
{
"name": "CVE-2022-21277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21277"
},
{
"name": "CVE-2021-32399",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-32399"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2022-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2020-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24512"
},
{
"name": "CVE-2022-21496",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21496"
},
{
"name": "CVE-2020-11668",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11668"
},
{
"name": "CVE-2019-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-11287"
},
{
"name": "CVE-2021-44790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44790"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2020-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-24511"
},
{
"name": "CVE-2021-33033",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33033"
},
{
"name": "CVE-2021-4028",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4028"
},
{
"name": "CVE-2022-21443",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21443"
},
{
"name": "CVE-2021-3765",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3765"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-40438",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
},
{
"name": "CVE-2020-0543",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0543"
},
{
"name": "CVE-2021-4034",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
},
{
"name": "CVE-2022-24903",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24903"
},
{
"name": "CVE-2022-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
},
{
"name": "CVE-2019-1551",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
},
{
"name": "CVE-2016-8743",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8743"
},
{
"name": "CVE-2021-2372",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2372"
},
{
"name": "CVE-2022-21619",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21619"
},
{
"name": "CVE-2021-25217",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25217"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2020-0548",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0548"
},
{
"name": "CVE-2020-28469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28469"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2020-0465",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-0465"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2021-2166",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-2166"
},
{
"name": "CVE-2022-21360",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21360"
},
{
"name": "CVE-2022-21296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21296"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2023-22413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22413"
},
{
"name": "CVE-2023-22395",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-22395"
},
{
"name": "CVE-2021-35940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35940"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
}
],
"initial_release_date": "2023-01-23T00:00:00",
"last_revision_date": "2023-01-23T00:00:00",
"links": [],
"reference": "CERTFR-2023-AVI-0051",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70195 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10K-Series-PFE-crash-upon-receipt-of-specific-genuine-packets-when-sFlow-is-enabled-CVE-2023-22399?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70183 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Cloud-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Cloud-release-13-7-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70203 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-RPD-crash-can-happen-due-to-an-MPLS-TE-tunnel-configuration-change-on-a-directly-connected-router-CVE-2023-22407?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70192 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Receipt-of-crafted-TCP-packets-on-Ethernet-console-port-results-in-MBUF-leak-leading-to-Denial-of-Service-DoS-CVE-2023-22396?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70213 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-A-memory-leak-might-be-observed-in-IPsec-VPN-scenario-leading-to-an-FPC-crash-CVE-2023-22417?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70193 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-PTX10003-An-attacker-sending-specific-genuine-packets-will-cause-a-memory-leak-in-the-PFE-leading-to-a-Denial-of-Service-CVE-2023-22397?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70181 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-might-crash-when-MPLS-ping-is-performed-on-BGP-LSPs-CVE-2023-22398?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70186 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70179 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Northstar-Controller-Pivotal-RabbitMQ-contains-a-web-management-plugin-that-is-vulnerable-to-a-Denial-of-Service-DoS-attack-CVE-2019-11287?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70208 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flowd-daemon-will-crash-if-the-SIP-ALG-is-enabled-and-specific-SIP-messages-are-processed-CVE-2023-22412?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70201 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX5k-Series-EX46xx-Series-MAC-limiting-feature-stops-working-after-PFE-restart-device-reboot--CVE-2023-22405?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70209 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-FPC-crash-when-an-IPsec6-tunnel-processes-specific-IPv4-packets-CVE-2023-22413?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70187 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-ACX2K-Series-Receipt-of-a-high-rate-of-specific-traffic-will-lead-to-a-Denial-of-Service-DoS-CVE-2023-22391?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70199 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-QFX10k-Series-ICCP-flap-will-be-observed-due-to-excessive-specific-traffic-CVE-2023-22403?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70180 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-OpenSSL-Infinite-loop-in-BN-mod-sqrt-reachable-when-parsing-certificates-CVE-2022-0778?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70198 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-The-kernel-might-restart-in-a-BGP-scenario-where-bgp-auto-discovery-is-enabled-and-such-a-neighbor-flaps-CVE-2023-22402?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70196 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-Evolved-A-specific-SNMP-GET-operation-and-a-specific-CLI-commands-cause-resources-to-leak-and-eventually-the-evo-pfemand-process-will-crash-CVE-2023-22400?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70197 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-PTX10008-PTX10016-When-a-specific-SNMP-MIB-is-queried-the-FPC-will-crash-CVE-2023-22401?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70202 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-memory-leak-which-will-ultimately-lead-to-an-rpd-crash-will-be-observed-when-a-peer-interface-flaps-continuously-in-a-Segment-Routing-scenario-CVE-2023-22406?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70190 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Memory-leak-due-to-receipt-of-specially-crafted-SIP-calls-CVE-2023-22394?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70191 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-In-an-MPLS-scenario-the-processing-of-specific-packets-to-the-device-causes-a-buffer-leak-and-ultimately-a-loss-of-connectivity-CVE-2023-22395?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69903 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Contrail-Networking-Multiple-Vulnerabilities-have-been-resolved-in-Contrail-Networking-R22-3?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70204 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-5000-Series-Upon-processing-of-a-specific-SIP-packet-an-FPC-can-crash-CVE-2023-22408?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70200 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-with-SPC3-When-IPsec-VPN-is-configured-iked-will-core-when-a-specifically-formatted-payload-is-received-CVE-2023-22404?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70212 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-if-SIP-ALG-is-enabled-and-a-malicious-SIP-packet-is-received-CVE-2023-22416?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70185 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-3R1-release?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70211 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-The-flow-processing-daemon-flowd-will-crash-when-a-specific-H-323-packet-is-received-CVE-2023-22415?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70210 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70206 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-MX-Series-with-MPC10-MPC11-When-Suspicious-Control-Flow-Detection-scfd-is-enabled-and-an-attacker-is-sending-specific-traffic-this-causes-a-memory-leak-CVE-2023-22410?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70205 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-SPC3-When-an-inconsistent-NAT-configuration-exists-and-a-specific-CLI-command-is-issued-the-SPC-will-reboot-CVE-2023-22409?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70182 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Contrail-Service-Orchestration-Multiple-vulnerabilities-resolved-in-CSO-6-3-0?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70189 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-RPD-crash-upon-receipt-of-BGP-route-with-invalid-next-hop-CVE-2023-22393?language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA70207 du 11 janvier 2023",
"url": "https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-SRX-Series-The-flowd-daemon-will-crash-when-Unified-Policies-are-used-with-IPv6-and-certain-dynamic-applications-are-rejected-by-the-device-CVE-2023-22411?language=en_US"
}
]
}
CERTFR-2024-AVI-0940
Vulnerability from certfr_avis - Published: 2024-11-04 - Updated: 2024-11-04
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à l'intégrité des données, une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | MDS-G4020-4XGS Series | MDS-G4020-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4012-L3 Series | MDS-G4012-L3 Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4012-L3-4XGS Series | MDS-G4012-L3-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4028-L3 Series | MDS-G4028-L3 Series sans les derniers correctifs de sécurité | ||
| Moxa | EDS-G508E Series | EDS-G508E Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4012-4XGS Series | MDS-G4012-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4012 Series | MDS-G4012 Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4028-4XGS Series | MDS-G4028-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | EDS-G516E Series | EDS-G516E Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4028-L3-4XGS Series | MDS-G4028-L3-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4020 Series | MDS-G4020 Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4028 Series | MDS-G4028 Series sans les derniers correctifs de sécurité | ||
| Moxa | EDS-G512E Series | EDS-G512E Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4020-L3-4XGS Series | MDS-G4020-L3-4XGS Series sans les derniers correctifs de sécurité | ||
| Moxa | MDS-G4020-L3 Series | MDS-G4020-L3 Series sans les derniers correctifs de sécurité |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "MDS-G4020-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4020-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4012-L3 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4012-L3 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4012-L3-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4012-L3-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4028-L3 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4028-L3 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDS-G508E Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "EDS-G508E Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4012-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4012-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4012 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4012 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4028-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4028-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDS-G516E Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "EDS-G516E Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4028-L3-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4028-L3-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4020 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4020 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4028 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4028 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDS-G512E Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "EDS-G512E Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4020-L3-4XGS Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4020-L3-4XGS Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "MDS-G4020-L3 Series sans les derniers correctifs de s\u00e9curit\u00e9",
"product": {
"name": "MDS-G4020-L3 Series",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2021-3618",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3618"
},
{
"name": "CVE-2023-44487",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
},
{
"name": "CVE-2023-48795",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795"
},
{
"name": "CVE-2019-20372",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20372"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
}
],
"initial_release_date": "2024-11-04T00:00:00",
"last_revision_date": "2024-11-04T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0940",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es, une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": "2024-11-04",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-241044",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241044-vulnerabilities-identified-in-mds-g4028-l3-series-and-eds-g512e"
},
{
"published_at": "2024-11-01",
"title": "Bulletin de s\u00e9curit\u00e9 Moxa mpsa-244252",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-244252-multiple-moxa-ethernet-switches-affected-by-cve-2023-48795-and-cve-2019-20372"
}
]
}
CERTFR-2022-AVI-650
Vulnerability from certfr_avis - Published: 2022-07-15 - Updated: 2022-07-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.1.x aantérieures à 21.1R3-S1-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 18.3.x antérieures à 18.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions 17.3.x antérieures à 17.3R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4.x antérieures à 21.4R1-S2, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.2.x antérieures à 19.2R1-S8, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.3.x antérieures à 21.3R2-S1-EVO, 21.3R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.2.x antérieures à 21.2R2-S1, 21.2R3 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 22.1.x antérieures à 22.1R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Junos Space Security Director Policy Enforcer versions antérieures à 22.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.4.x antérieures à 19.4R2-S6, 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions supérieures à 20.1R1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.1.x antérieures à 19.1R2-S3, 19.1R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1X49, 15.1X49-D100 et suivantes antérieures à 19.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.2.x antérieures à 21.2R1-S1-EVO, 21.2R3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.4.x antérieures à 20.4R3-S2, 20.4R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.1.x antérieures à 21.1R2, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.2.x antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.1.x antérieures à 21.1R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.3.x antérieures à 21.3R2-S1, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | N/A | Juniper Networks Contrail Networking versions antérieures à 21.4.0 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 19.4.x antérieures à 19.4R2-S5, 19.4R3-S8 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions antérieures à 5.1.0 Service Pack 6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.4.x antérieures à 20.4R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.2.x antérieures à 21.2R1-S1, 21.2R2, 21.2R3-S1 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.2.x antérieures à 20.2R3-S5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4.x antérieures à 21.4R1-S1-EVO, 21.4R2-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions antérieures à 19.2R1-S9, 19.2R3-S5 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX toutes versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS versions 19.3.x antérieures à 19.3R2-S7, 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 18.4.x antérieures à 18.4R2-S10, 18.4R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.2.x antérieures à 21.2R2-S2, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.1.x antérieures à 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.2.x antérieures à 21.2R2-S3, 21.2R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 15.1.x antérieures à 15.1R7-S10 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions antérieures à 20.4R3-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes EX versions 21.4.x antérieures à 21.4R1-S1, 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 19.3.x antérieures à 19.3R3-S6 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.3R12-S21 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.3.x antérieures à 21.3R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.4.x antérieures à 20.4R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 19.4.x antérieures à 19.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.1.x antérieures à 20.1R3-S4 | ||
| Juniper Networks | N/A | Contrôleur Juniper Networks NorthStar versions 6.x antérieures à 6.2.2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions antérieures à 19.1R3-S9 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes QFX versions 20.2.x antérieures à 20.2R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.1.x antérieures à 21.1R2-S1, 21.1R3-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 20.3.x antérieures à 20.3R3-S3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes SRX versions 21.3.x antérieures à 21.3R1-S2, 21.3R2, 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 20.3.x antérieures à 20.3R3-S4 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.4.x antérieures à 21.4R2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes MX versions 21.2.x antérieures à 21.2R2-S2 | ||
| Juniper Networks | Junos OS | Junos OS sur plateformes PTX versions 21.3.x antérieures à 21.3R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 20.4.x antérieures à 20.4R2-S2, 20.4R3-S3 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS sur plateformes MX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.1.x aant\u00e9rieures \u00e0 21.1R3-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.3.x ant\u00e9rieures \u00e0 18.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 17.3.x ant\u00e9rieures \u00e0 17.3R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S2, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S8, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1-EVO, 21.3R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S1, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 22.1.x ant\u00e9rieures \u00e0 22.1R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space Security Director Policy Enforcer versions ant\u00e9rieures \u00e0 22.1R1",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S6, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions sup\u00e9rieures \u00e0 20.1R1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.1.x ant\u00e9rieures \u00e0 19.1R2-S3, 19.1R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1X49, 15.1X49-D100 et suivantes ant\u00e9rieures \u00e0 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1-EVO, 21.2R3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.2.x ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.3.x ant\u00e9rieures \u00e0 21.3R2-S1, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 21.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 19.4.x ant\u00e9rieures \u00e0 19.4R2-S5, 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions ant\u00e9rieures \u00e0 5.1.0 Service Pack 6",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.2.x ant\u00e9rieures \u00e0 21.2R1-S1, 21.2R2, 21.2R3-S1",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1-EVO, 21.4R2-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions ant\u00e9rieures \u00e0 19.2R1-S9, 19.2R3-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX toutes versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 19.3.x ant\u00e9rieures \u00e0 19.3R2-S7, 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 18.4.x ant\u00e9rieures \u00e0 18.4R2-S10, 18.4R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.1.x ant\u00e9rieures \u00e0 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S3, 21.2R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 15.1.x ant\u00e9rieures \u00e0 15.1R7-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes EX versions 21.4.x ant\u00e9rieures \u00e0 21.4R1-S1, 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 19.3.x ant\u00e9rieures \u00e0 19.3R3-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S21",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.3.x ant\u00e9rieures \u00e0 21.3R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.4.x ant\u00e9rieures \u00e0 20.4R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 19.4.x ant\u00e9rieures \u00e0 19.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.1.x ant\u00e9rieures \u00e0 20.1R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Contr\u00f4leur Juniper Networks NorthStar versions 6.x ant\u00e9rieures \u00e0 6.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions ant\u00e9rieures \u00e0 19.1R3-S9",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes QFX versions 20.2.x ant\u00e9rieures \u00e0 20.2R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.1.x ant\u00e9rieures \u00e0 21.1R2-S1, 21.1R3-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes SRX versions 21.3.x ant\u00e9rieures \u00e0 21.3R1-S2, 21.3R2, 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 20.3.x ant\u00e9rieures \u00e0 20.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.4.x ant\u00e9rieures \u00e0 21.4R2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes MX versions 21.2.x ant\u00e9rieures \u00e0 21.2R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS sur plateformes PTX versions 21.3.x ant\u00e9rieures \u00e0 21.3R3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 20.4.x ant\u00e9rieures \u00e0 20.4R2-S2, 20.4R3-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-25013",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-25013"
},
{
"name": "CVE-2018-19361",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19361"
},
{
"name": "CVE-2020-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13871"
},
{
"name": "CVE-2015-7036",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7036"
},
{
"name": "CVE-2015-2327",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2327"
},
{
"name": "CVE-2019-17267",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17267"
},
{
"name": "CVE-2020-14621",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14621"
},
{
"name": "CVE-2018-19362",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19362"
},
{
"name": "CVE-2020-2803",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2803"
},
{
"name": "CVE-2022-22215",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22215"
},
{
"name": "CVE-2015-3308",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3308"
},
{
"name": "CVE-2021-35586",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35586"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2022-22221",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22221"
},
{
"name": "CVE-2018-14719",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14719"
},
{
"name": "CVE-2016-4609",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4609"
},
{
"name": "CVE-2021-35550",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35550"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2020-13434",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13434"
},
{
"name": "CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"name": "CVE-2016-3191",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3191"
},
{
"name": "CVE-2019-1352",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1352"
},
{
"name": "CVE-2021-35567",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35567"
},
{
"name": "CVE-2021-3517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3517"
},
{
"name": "CVE-2020-14579",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14579"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2021-42574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42574"
},
{
"name": "CVE-2017-8105",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8105"
},
{
"name": "CVE-2022-22207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22207"
},
{
"name": "CVE-2016-6318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6318"
},
{
"name": "CVE-2017-5929",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5929"
},
{
"name": "CVE-2022-22218",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22218"
},
{
"name": "CVE-2021-20271",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20271"
},
{
"name": "CVE-2021-36690",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36690"
},
{
"name": "CVE-2020-13632",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13632"
},
{
"name": "CVE-2016-4738",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4738"
},
{
"name": "CVE-2016-10195",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10195"
},
{
"name": "CVE-2017-8804",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8804"
},
{
"name": "CVE-2020-14593",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14593"
},
{
"name": "CVE-2017-10685",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10685"
},
{
"name": "CVE-2017-8287",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8287"
},
{
"name": "CVE-2014-4043",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-4043"
},
{
"name": "CVE-2022-22210",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22210"
},
{
"name": "CVE-2016-7951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7951"
},
{
"name": "CVE-2019-16942",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16942"
},
{
"name": "CVE-2020-2773",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2773"
},
{
"name": "CVE-2017-9117",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9117"
},
{
"name": "CVE-2020-9327",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-9327"
},
{
"name": "CVE-2018-14718",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14718"
},
{
"name": "CVE-2019-17571",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
},
{
"name": "CVE-2015-5602",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5602"
},
{
"name": "CVE-2020-14578",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14578"
},
{
"name": "CVE-2020-2805",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2805"
},
{
"name": "CVE-2020-2830",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2830"
},
{
"name": "CVE-2020-2781",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2781"
},
{
"name": "CVE-2016-7942",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7942"
},
{
"name": "CVE-2017-15412",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15412"
},
{
"name": "CVE-2015-2716",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2716"
},
{
"name": "CVE-2020-14556",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14556"
},
{
"name": "CVE-2015-7705",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7705"
},
{
"name": "CVE-2020-36385",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36385"
},
{
"name": "CVE-2018-19360",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-19360"
},
{
"name": "CVE-2017-17434",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17434"
},
{
"name": "CVE-2017-15994",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15994"
},
{
"name": "CVE-2020-25704",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25704"
},
{
"name": "CVE-2014-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9488"
},
{
"name": "CVE-2015-2059",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2059"
},
{
"name": "CVE-2019-16335",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16335"
},
{
"name": "CVE-2015-1283",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1283"
},
{
"name": "CVE-2019-1349",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1349"
},
{
"name": "CVE-2019-9893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9893"
},
{
"name": "CVE-2022-21304",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21304"
},
{
"name": "CVE-2020-1971",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1971"
},
{
"name": "CVE-2016-7950",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7950"
},
{
"name": "CVE-2014-6272",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-6272"
},
{
"name": "CVE-2018-7489",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7489"
},
{
"name": "CVE-2020-13630",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13630"
},
{
"name": "CVE-2020-14363",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14363"
},
{
"name": "CVE-2016-5300",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5300"
},
{
"name": "CVE-2019-14893",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14893"
},
{
"name": "CVE-2014-9746",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9746"
},
{
"name": "CVE-2003-0001",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0001"
},
{
"name": "CVE-2015-8947",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8947"
},
{
"name": "CVE-2018-8088",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8088"
},
{
"name": "CVE-2017-10684",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10684"
},
{
"name": "CVE-2015-8035",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8035"
},
{
"name": "CVE-2020-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10878"
},
{
"name": "CVE-2021-35559",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35559"
},
{
"name": "CVE-2013-7422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7422"
},
{
"name": "CVE-2014-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9474"
},
{
"name": "CVE-2016-9063",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9063"
},
{
"name": "CVE-2019-1354",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1354"
},
{
"name": "CVE-2021-35565",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35565"
},
{
"name": "CVE-2022-21303",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21303"
},
{
"name": "CVE-2016-4658",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4658"
},
{
"name": "CVE-2022-22204",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22204"
},
{
"name": "CVE-2020-25696",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25696"
},
{
"name": "CVE-2020-11656",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11656"
},
{
"name": "CVE-2016-7947",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7947"
},
{
"name": "CVE-2021-22946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22946"
},
{
"name": "CVE-2021-35603",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35603"
},
{
"name": "CVE-2012-0876",
"url": "https://www.cve.org/CVERecord?id=CVE-2012-0876"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2017-14062",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14062"
},
{
"name": "CVE-2020-2754",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2754"
},
{
"name": "CVE-2020-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
},
{
"name": "CVE-2014-5044",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-5044"
},
{
"name": "CVE-2017-14867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
},
{
"name": "CVE-2018-14567",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14567"
},
{
"name": "CVE-2016-2124",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2124"
},
{
"name": "CVE-2022-21270",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21270"
},
{
"name": "CVE-2017-5225",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5225"
},
{
"name": "CVE-2021-3520",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3520"
},
{
"name": "CVE-2020-10029",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-10029"
},
{
"name": "CVE-2015-8388",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8388"
},
{
"name": "CVE-2019-8457",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-8457"
},
{
"name": "CVE-2016-7949",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7949"
},
{
"name": "CVE-2016-2779",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2779"
},
{
"name": "CVE-2022-22205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22205"
},
{
"name": "CVE-2017-7375",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7375"
},
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
},
{
"name": "CVE-2017-8421",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8421"
},
{
"name": "CVE-2020-15358",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
},
{
"name": "CVE-2018-1000654",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000654"
},
{
"name": "CVE-2014-9114",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9114"
},
{
"name": "CVE-2016-4610",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4610"
},
{
"name": "CVE-2019-1350",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1350"
},
{
"name": "CVE-2019-16943",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16943"
},
{
"name": "CVE-2021-35588",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35588"
},
{
"name": "CVE-2021-23839",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23839"
},
{
"name": "CVE-2022-22213",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22213"
},
{
"name": "CVE-2020-15999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15999"
},
{
"name": "CVE-2016-1951",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1951"
},
{
"name": "CVE-2014-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9471"
},
{
"name": "CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"name": "CVE-2017-14930",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-14930"
},
{
"name": "CVE-2015-5228",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5228"
},
{
"name": "CVE-2019-20330",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20330"
},
{
"name": "CVE-2019-17531",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-17531"
},
{
"name": "CVE-2017-7614",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7614"
},
{
"name": "CVE-2021-28950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-28950"
},
{
"name": "CVE-2020-36322",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36322"
},
{
"name": "CVE-2022-22216",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22216"
},
{
"name": "CVE-2015-7805",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7805"
},
{
"name": "CVE-2016-4612",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4612"
},
{
"name": "CVE-2015-8385",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8385"
},
{
"name": "CVE-2015-8394",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8394"
},
{
"name": "CVE-2021-42739",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-42739"
},
{
"name": "CVE-2020-27619",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-27619"
},
{
"name": "CVE-2015-8391",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8391"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2019-9169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9169"
},
{
"name": "CVE-2015-8386",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8386"
},
{
"name": "CVE-2017-11164",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-11164"
},
{
"name": "CVE-2022-22212",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22212"
},
{
"name": "CVE-2020-1968",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1968"
},
{
"name": "CVE-2022-22206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22206"
},
{
"name": "CVE-2020-29573",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-29573"
},
{
"name": "CVE-2017-1000368",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000368"
},
{
"name": "CVE-2020-2755",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2755"
},
{
"name": "CVE-2017-7500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7500"
},
{
"name": "CVE-2015-8380",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8380"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2019-1387",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1387"
},
{
"name": "CVE-2016-9539",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9539"
},
{
"name": "CVE-2015-8387",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8387"
},
{
"name": "CVE-2020-8840",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8840"
},
{
"name": "CVE-2016-2516",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2516"
},
{
"name": "CVE-2016-7944",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7944"
},
{
"name": "CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"name": "CVE-2017-13716",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13716"
},
{
"name": "CVE-2016-4607",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4607"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2020-13631",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13631"
},
{
"name": "CVE-2021-35578",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35578"
},
{
"name": "CVE-2021-3487",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3487"
},
{
"name": "CVE-2020-14583",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14583"
},
{
"name": "CVE-2018-9251",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9251"
},
{
"name": "CVE-2017-12562",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12562"
},
{
"name": "CVE-2015-6525",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6525"
},
{
"name": "CVE-2020-2800",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2800"
},
{
"name": "CVE-2018-14720",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14720"
},
{
"name": "CVE-2016-2052",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2052"
},
{
"name": "CVE-2015-8540",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8540"
},
{
"name": "CVE-2021-3712",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3712"
},
{
"name": "CVE-2022-22202",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22202"
},
{
"name": "CVE-2017-16931",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16931"
},
{
"name": "CVE-2016-5180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5180"
},
{
"name": "CVE-2019-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9518"
},
{
"name": "CVE-2016-7943",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7943"
},
{
"name": "CVE-2020-11655",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11655"
},
{
"name": "CVE-2017-15095",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15095"
},
{
"name": "CVE-2019-14540",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14540"
},
{
"name": "CVE-2021-33574",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33574"
},
{
"name": "CVE-2018-14721",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14721"
},
{
"name": "CVE-2018-14404",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14404"
},
{
"name": "CVE-2019-18276",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18276"
},
{
"name": "CVE-2015-2328",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-2328"
},
{
"name": "CVE-2021-20227",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-20227"
},
{
"name": "CVE-2021-35564",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35564"
},
{
"name": "CVE-2016-4608",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4608"
},
{
"name": "CVE-2019-9924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9924"
},
{
"name": "CVE-2022-21344",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21344"
},
{
"name": "CVE-2018-11307",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11307"
},
{
"name": "CVE-2021-23840",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23840"
},
{
"name": "CVE-2022-21367",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21367"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2017-17485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17485"
},
{
"name": "CVE-2022-22209",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22209"
},
{
"name": "CVE-2022-22217",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22217"
},
{
"name": "CVE-2017-16548",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16548"
},
{
"name": "CVE-2020-2757",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2757"
},
{
"name": "CVE-2015-8390",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8390"
},
{
"name": "CVE-2016-7948",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7948"
},
{
"name": "CVE-2021-35556",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35556"
},
{
"name": "CVE-2015-4042",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4042"
},
{
"name": "CVE-2019-14379",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14379"
},
{
"name": "CVE-2017-8779",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8779"
},
{
"name": "CVE-2020-25717",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25717"
},
{
"name": "CVE-2021-23841",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
},
{
"name": "CVE-2021-41617",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41617"
},
{
"name": "CVE-2017-1000158",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000158"
},
{
"name": "CVE-2020-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
},
{
"name": "CVE-2018-6954",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6954"
},
{
"name": "CVE-2017-0553",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0553"
},
{
"name": "CVE-2016-1238",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1238"
},
{
"name": "CVE-2016-4484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4484"
},
{
"name": "CVE-2016-9538",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9538"
},
{
"name": "CVE-2020-2756",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-2756"
},
{
"name": "CVE-2021-35561",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35561"
},
{
"name": "CVE-2022-22203",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22203"
},
{
"name": "CVE-2017-10989",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10989"
},
{
"name": "CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"name": "CVE-2022-21245",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21245"
},
{
"name": "CVE-2020-12049",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12049"
},
{
"name": "CVE-2014-9939",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-9939"
},
{
"name": "CVE-2017-8871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8871"
},
{
"name": "CVE-2020-13435",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13435"
},
{
"name": "CVE-2021-37750",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37750"
},
{
"name": "CVE-2019-14892",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14892"
},
{
"name": "CVE-2020-14577",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14577"
},
{
"name": "CVE-2022-22214",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22214"
}
],
"initial_release_date": "2022-07-15T00:00:00",
"last_revision_date": "2022-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-650",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69723 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Security-Director-Policy-Enforcer-upgraded-to-CentOS-7-9"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69722 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-22-2R1-release-CVE-2022-22218"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69713 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-RIB-and-PFEs-can-get-out-of-sync-due-to-a-memory-leak-caused-by-interface-flaps-or-route-churn-CVE-2022-22209"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69710 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-series-The-PFE-will-crash-when-specific-traffic-is-scanned-by-Enhanced-Web-Filtering-safe-search-CVE-2022-22206"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69717 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Denial-of-Service-DoS-vulnerability-in-RPD-upon-receipt-of-specific-BGP-update-CVE-2022-22213"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69707 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-Receipt-of-specific-traffic-will-lead-to-an-fxpc-process-crash-followed-by-an-FPC-reboot-CVE-2022-22203"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69714 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX5000-Series-and-MX-Series-An-l2alm-crash-leading-to-an-FPC-crash-can-be-observed-in-VxLAN-scenario-CVE-2022-22210"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69718 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-MPLS-scenario-upon-receipt-of-a-specific-IPv6-packet-an-FPC-will-crash-CVE-2022-22214"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69726 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Contrail-Networking-Multiple-vulnerabilities-resolved-in-Contrail-Networking-21-4"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69711 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC11-In-a-GNF-node-slicing-scenario-gathering-AF-interface-statistics-can-lead-to-a-kernel-crash-CVE-2022-22207"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69715 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-OpenSSL-security-fixes"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69708 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-MX-Series-and-SRX-Series-When-receiving-a-specific-SIP-packets-stale-call-table-entries-are-created-which-eventually-leads-to-a-DoS-for-all-SIP-traffic-CVE-2022-22204"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69716 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-Evolved-A-high-rate-of-specific-hostbound-traffic-will-cause-unexpected-hostbound-traffic-delays-or-drops-CVE-2022-22212"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69719 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-var-run-pid-env-files-are-potentially-not-deleted-during-termination-of-a-gRPC-connection-causing-inode-exhaustion-CVE-2022-22215"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69703 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Northstar-Controller-nginx-component-allows-remote-attacker-to-cause-worker-process-crash-or-potentially-arbitrary-code-execution-CVE-2021-23017-2"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69721 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-QFX10k-Series-Denial-of-Service-DoS-upon-receipt-of-crafted-MLD-packets-on-multi-homing-ESI-in-VXLAN-CVE-2022-22217"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69720 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-Etherleak-memory-disclosure-in-Ethernet-padding-data-CVE-2022-22216"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69725 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-and-EX-Series-Local-privilege-escalation-flaw-in-download-functionality-CVE-2022-22221"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69705 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-in-SQLite-resolved"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69709 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-SRX-Series-An-FPC-memory-leak-can-occur-in-an-APBR-scenario-CVE-2022-22205"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA69706 du 13 juillet 2022",
"url": "https://supportportal.juniper.net/s/article/2022-07-Security-Bulletin-Junos-OS-PTX-Series-FPCs-may-restart-unexpectedly-upon-receipt-of-specific-MPLS-packets-with-certain-multi-unit-interface-configurations-CVE-2022-22202"
}
]
}
CERTFR-2021-AVI-399
Vulnerability from certfr_avis - Published: 2021-05-26 - Updated: 2021-05-26
Une vulnérabilité a été découverte dans Nginx. Elle permet à un attaquant de provoquer une exécution de code arbitraire et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneReferences
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nginx versions ant\u00e9rieures \u00e0 1.21.0, 1.20.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Nginx",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-23017",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23017"
}
],
"initial_release_date": "2021-05-26T00:00:00",
"last_revision_date": "2021-05-26T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-399",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-05-26T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Nginx. Elle permet \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire et un d\u00e9ni de\nservice.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Nginx",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Nginx 000300 du 25 mai 2021",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
}
]
}
FKIE_CVE-2021-23017
Vulnerability from fkie_nvd - Published: 2021-06-01 13:15 - Updated: 2024-11-21 05:51
Severity ?
Summary
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
References
| URL | Tags | ||
|---|---|---|---|
| f5sirt@f5.com | http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html | Mailing List, Patch, Vendor Advisory | |
| f5sirt@f5.com | http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html | Third Party Advisory, VDB Entry | |
| f5sirt@f5.com | https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E | ||
| f5sirt@f5.com | https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E | ||
| f5sirt@f5.com | https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E | ||
| f5sirt@f5.com | https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E | ||
| f5sirt@f5.com | https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E | ||
| f5sirt@f5.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/ | ||
| f5sirt@f5.com | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/ | ||
| f5sirt@f5.com | https://security.netapp.com/advisory/ntap-20210708-0006/ | Third Party Advisory | |
| f5sirt@f5.com | https://support.f5.com/csp/article/K12331123%2C | ||
| f5sirt@f5.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| f5sirt@f5.com | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| f5sirt@f5.com | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html | Mailing List, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210708-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K12331123%2C | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| f5 | nginx | * | |
| openresty | openresty | * | |
| fedoraproject | fedora | 33 | |
| fedoraproject | fedora | 34 | |
| netapp | ontap_select_deploy_administration_utility | - | |
| oracle | blockchain_platform | * | |
| oracle | communications_control_plane_monitor | 3.4 | |
| oracle | communications_control_plane_monitor | 4.2 | |
| oracle | communications_control_plane_monitor | 4.3 | |
| oracle | communications_control_plane_monitor | 4.4 | |
| oracle | communications_fraud_monitor | * | |
| oracle | communications_operations_monitor | 3.4 | |
| oracle | communications_operations_monitor | 4.2 | |
| oracle | communications_operations_monitor | 4.3 | |
| oracle | communications_operations_monitor | 4.4 | |
| oracle | communications_session_border_controller | 8.4 | |
| oracle | communications_session_border_controller | 9.0 | |
| oracle | enterprise_communications_broker | 3.3.0 | |
| oracle | enterprise_session_border_controller | 8.4 | |
| oracle | enterprise_session_border_controller | 9.0 | |
| oracle | enterprise_telephony_fraud_monitor | 3.4 | |
| oracle | enterprise_telephony_fraud_monitor | 4.2 | |
| oracle | enterprise_telephony_fraud_monitor | 4.3 | |
| oracle | enterprise_telephony_fraud_monitor | 4.4 | |
| oracle | goldengate | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "236E1381-BE09-4C0B-9319-E803B7163ECC",
"versionEndExcluding": "1.20.1",
"versionStartIncluding": "0.6.18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BD31F1B9-1CDB-4547-A19D-6A416FC45510",
"versionEndExcluding": "1.19.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
"versionEndExcluding": "21.1.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "21B1EEE2-CC09-45D0-9424-C3DB0EF0DC67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "30446598-7680-4687-8E41-97E829F24998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F280A5FF-93B8-46BB-9A0C-46283CF494AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8591B5FB-D04C-477E-B974-60AA047815B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "351ECB54-99BC-49E4-8A27-D62380ACFB50",
"versionEndIncluding": "4.4",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D886339E-EDB2-4879-BD54-1800E4CA9CAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCDD73B-57B1-4580-B922-5662E3AC13B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E927A24B-3B79-496B-8CE1-334441403750",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6C2AE-8CC3-423B-B0C8-566B643E2CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DBA3E95E-4AD0-4829-9061-F312C09DCFAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "24AD7EAA-6178-4B2E-B15D-5FC9E23AA2F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D972FB51-4035-42DE-A25E-EE12FF67A28C",
"versionEndExcluding": "21.4.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."
},
{
"lang": "es",
"value": "Se identific\u00f3 un problema de seguridad en el solucionador de nginx, que podr\u00eda permitir a un atacante que pueda falsificar paquetes UDP desde el servidor DNS para causar una sobrescritura de memoria de 1 byte, lo que causar\u00eda un bloqueo del proceso de trabajo u otro impacto potencial"
}
],
"id": "CVE-2021-23017",
"lastModified": "2024-11-21T05:51:09.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-01T13:15:07.853",
"references": [
{
"source": "f5sirt@f5.com",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"source": "f5sirt@f5.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"source": "f5sirt@f5.com",
"url": "https://support.f5.com/csp/article/K12331123%2C"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "f5sirt@f5.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K12331123%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "f5sirt@f5.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "f5sirt@f5.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-23017
Vulnerability from fstec - Published: 25.05.2021
VLAI Severity ?
Title
Уязвимость функции ngx_resolver_copy() сервера nginx, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Description
Уязвимость функции ngx_resolver_copy() сервера nginx связана с ошибкой единичного смещения в результате записи символа точки ('.', 0x2E) за пределы буфера кучи. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код или вызвать отказ в обслуживании путем отправки специально созданных UDP-пакетов
Severity ?
Vendor
Сообщество свободного программного обеспечения, Canonical Ltd., Oracle Corp., Red Hat Inc., ООО «Ред Софт», Fedora Project, NGINX Inc., АО «ИВК», АО "НППКТ", АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Ubuntu, Oracle Communications Operations Monitor, Red Hat Enterprise Linux, РЕД ОС (запись в едином реестре российских программ №3751), Red Hat Software Collections, Ansible Tower, Fedora, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, nginx, Альт 8 СП (запись в едином реестре российских программ №4305), Blockchain Platform, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), Enterprise Communications Broker, ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), GoldenGate, Oracle Enterprise Telephony Fraud Monitor, Oracle Communications Fraud Monitor, Oracle Communications Control Plane Monitor
Software Version
9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 3.4 (Oracle Communications Operations Monitor), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.2 Муром (РЕД ОС), - (Red Hat Software Collections), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 3 (Ansible Tower), 33 (Fedora), 8.4 (Oracle Communications Session Border Controller), 8.4 (Oracle Enterprise Session Border Controller), 21.04 (Ubuntu), 4.2 (Oracle Communications Operations Monitor), 4.3 (Oracle Communications Operations Monitor), 34 (Fedora), 16.04 ESM (Ubuntu), от 0.6.18 до 1.20.1 (nginx), - (Альт 8 СП), 9.0 (Oracle Enterprise Session Border Controller), 4.4 (Oracle Communications Operations Monitor), до 21.1.2 (Blockchain Platform), до 2.1 (ОСОН ОСнова Оnyx), 3.3 (Enterprise Communications Broker), до 16.01.2023 (ОС ОН «Стрелец»), 9.0 (Oracle Communications Session Border Controller), до 21.4.0.0.0 (GoldenGate), 3.4 (Oracle Enterprise Telephony Fraud Monitor), 4.2 (Oracle Enterprise Telephony Fraud Monitor), 4.3 (Oracle Enterprise Telephony Fraud Monitor), 4.4 (Oracle Enterprise Telephony Fraud Monitor), от 3.4 до 4.4 включительно (Oracle Communications Fraud Monitor), 3.4 (Oracle Communications Control Plane Monitor), 4.2 (Oracle Communications Control Plane Monitor), 4.3 (Oracle Communications Control Plane Monitor), 4.4 (Oracle Communications Control Plane Monitor)
Possible Mitigations
Использование рекомендаций:
Для nginx:
http://nginx.org/en/security_advisories.html
Для РЕД ОС:
http://repo.red-soft.ru/redos/7.2c/x86_64/updates/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2021-23017
Для Ubuntu:
https://ubuntu.com/security/notices/USN-4967-1
https://ubuntu.com/security/notices/USN-4967-2
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2021-23017
Для ОСОН Основа:
Обновление программного обеспечения nginx до версии 1.14.2-2+deb10u4
Для ОС ОН «Стрелец»:
Обновление программного обеспечения nginx до версии 1.10.3-1+deb9u7
Для Fedora:
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
Для продуктов Oracle:
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Reference
http://nginx.org/en/security_advisories.html
https://redos.red-soft.ru/updatesec/
https://www.cybersecurity-help.cz/vdb/SB2021052543
https://www.opennet.ru/opennews/art.shtml?num=55208
https://access.redhat.com/security/cve/cve-2021-23017
https://ubuntu.com/security/notices/USN-4967-1
https://ubuntu.com/security/notices/USN-4967-2
https://security-tracker.debian.org/tracker/CVE-2021-23017
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://redos.red-soft.ru/support/secure/uyazvimosti/udalennoe-vypolnenie-koda-v-nginx-cve-2021-23017/
https://www.oracle.com/security-alerts/cpuoct2021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://altsp.su/obnovleniya-bezopasnosti/
CWE
CWE-193
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:C/A:P",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Canonical Ltd., Oracle Corp., Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Fedora Project, NGINX Inc., \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 18.04 LTS (Ubuntu), 3.4 (Oracle Communications Operations Monitor), 8 (Red Hat Enterprise Linux), 14.04 ESM (Ubuntu), 10 (Debian GNU/Linux), 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), - (Red Hat Software Collections), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 3 (Ansible Tower), 33 (Fedora), 8.4 (Oracle Communications Session Border Controller), 8.4 (Oracle Enterprise Session Border Controller), 21.04 (Ubuntu), 4.2 (Oracle Communications Operations Monitor), 4.3 (Oracle Communications Operations Monitor), 34 (Fedora), 16.04 ESM (Ubuntu), \u043e\u0442 0.6.18 \u0434\u043e 1.20.1 (nginx), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9.0 (Oracle Enterprise Session Border Controller), 4.4 (Oracle Communications Operations Monitor), \u0434\u043e 21.1.2 (Blockchain Platform), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 3.3 (Enterprise Communications Broker), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 9.0 (Oracle Communications Session Border Controller), \u0434\u043e 21.4.0.0.0 (GoldenGate), 3.4 (Oracle Enterprise Telephony Fraud Monitor), 4.2 (Oracle Enterprise Telephony Fraud Monitor), 4.3 (Oracle Enterprise Telephony Fraud Monitor), 4.4 (Oracle Enterprise Telephony Fraud Monitor), \u043e\u0442 3.4 \u0434\u043e 4.4 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Oracle Communications Fraud Monitor), 3.4 (Oracle Communications Control Plane Monitor), 4.2 (Oracle Communications Control Plane Monitor), 4.3 (Oracle Communications Control Plane Monitor), 4.4 (Oracle Communications Control Plane Monitor)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f nginx:\nhttp://nginx.org/en/security_advisories.html\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\nhttp://repo.red-soft.ru/redos/7.2c/x86_64/updates/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-23017\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4967-1\nhttps://ubuntu.com/security/notices/USN-4967-2\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2021-23017\n\n\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f nginx \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.14.2-2+deb10u4\n\n\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f nginx \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.10.3-1+deb9u7\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle:\nhttps://www.oracle.com/security-alerts/cpuoct2021.html\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "25.05.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "16.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "01.06.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02749",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-23017",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Ubuntu, Oracle Communications Operations Monitor, Red Hat Enterprise Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Red Hat Software Collections, Ansible Tower, Fedora, Oracle Communications Session Border Controller, Oracle Enterprise Session Border Controller, nginx, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Blockchain Platform, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), Enterprise Communications Broker, \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), GoldenGate, Oracle Enterprise Telephony Fraud Monitor, Oracle Communications Fraud Monitor, Oracle Communications Control Plane Monitor",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 18.04 LTS , Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.2 \u041c\u0443\u0440\u043e\u043c (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , Fedora Project Fedora 33 , Canonical Ltd. Ubuntu 21.04 , Fedora Project Fedora 34 , Canonical Ltd. Ubuntu 16.04 ESM , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ngx_resolver_copy() \u0441\u0435\u0440\u0432\u0435\u0440\u0430 nginx, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0430 \u0435\u0434\u0438\u043d\u0438\u0447\u043d\u043e\u0433\u043e \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f (CWE-193)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ngx_resolver_copy() \u0441\u0435\u0440\u0432\u0435\u0440\u0430 nginx \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u0435\u0434\u0438\u043d\u0438\u0447\u043d\u043e\u0433\u043e \u0441\u043c\u0435\u0449\u0435\u043d\u0438\u044f \u0432 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 \u0441\u0438\u043c\u0432\u043e\u043b\u0430 \u0442\u043e\u0447\u043a\u0438 (\u0027.\u0027, 0x2E) \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u043a\u0443\u0447\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0438\u043b\u0438 \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0435\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0445 UDP-\u043f\u0430\u043a\u0435\u0442\u043e\u0432",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://nginx.org/en/security_advisories.html\nhttps://redos.red-soft.ru/updatesec/\nhttps://www.cybersecurity-help.cz/vdb/SB2021052543\nhttps://www.opennet.ru/opennews/art.shtml?num=55208\nhttps://access.redhat.com/security/cve/cve-2021-23017\nhttps://ubuntu.com/security/notices/USN-4967-1\nhttps://ubuntu.com/security/notices/USN-4967-2\nhttps://security-tracker.debian.org/tracker/CVE-2021-23017\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://redos.red-soft.ru/support/secure/uyazvimosti/udalennoe-vypolnenie-koda-v-nginx-cve-2021-23017/\nhttps://www.oracle.com/security-alerts/cpuoct2021.html\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/\nhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/\nhttps://www.oracle.com/security-alerts/cpujan2022.html\nhttps://www.oracle.com/security-alerts/cpuapr2022.html\nhttps://altsp.su/obnovleniya-bezopasnosti/",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e, \u0421\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-193",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,7)"
}
cleanstart-2026-zt77083
Vulnerability from cleanstart
Published
2026-02-18 00:40
Modified
2026-02-17 14:16
Summary
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers
Details
Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerability details.
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the nginx package. When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZT77083",
"modified": "2026-02-17T14:16:07Z",
"published": "2026-02-18T00:40:43.959662Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZT77083.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16845"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-20372"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46461"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46462"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-46463"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-3638"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41741"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-41742"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-31079"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-32760"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-34161"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-35200"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7347"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-23419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20372"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46461"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46462"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46463"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3638"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31079"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32760"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34161"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35200"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers",
"upstream": [
"CVE-2017-7529",
"CVE-2018-16845",
"CVE-2019-20372",
"CVE-2019-9511",
"CVE-2019-9513",
"CVE-2019-9516",
"CVE-2021-23017",
"CVE-2021-46461",
"CVE-2021-46462",
"CVE-2021-46463",
"CVE-2022-25139",
"CVE-2022-3638",
"CVE-2022-41741",
"CVE-2022-41742",
"CVE-2023-44487",
"CVE-2024-31079",
"CVE-2024-32760",
"CVE-2024-34161",
"CVE-2024-35200",
"CVE-2024-7347",
"CVE-2025-23419"
]
}
bit-nginx-2021-23017
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:59
Modified
2025-04-03 14:40
Summary
Details
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "nginx",
"purl": "pkg:bitnami/nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0.6.18"
},
{
"fixed": "1.20.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2021-23017"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"
],
"severity": "High"
},
"details": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"id": "BIT-nginx-2021-23017",
"modified": "2025-04-03T14:40:37.652Z",
"published": "2024-03-06T10:59:30.599Z",
"references": [
{
"type": "WEB",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009%40%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f%40%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba%40%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31%40%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c%40%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K12331123%2C"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
}
],
"schema_version": "1.5.0"
}
cve-2021-23017
Vulnerability from osv_almalinux
Published
2021-06-07 10:02
Modified
2021-06-07 10:02
Summary
Important: nginx:1.18 security update
Details
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-all-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.4.0+2472+f736ed63.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.18.0-3.module_el8.5.0+36+48437aab.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2021:2259",
"modified": "2021-06-07T10:02:53Z",
"published": "2021-06-07T10:02:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-2259.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-23017"
}
],
"related": [
"CVE-2021-23017"
],
"summary": "Important: nginx:1.18 security update"
}
cve-2021-23017
Vulnerability from osv_almalinux
Published
2021-06-08 09:47
Modified
2021-06-08 09:47
Summary
Important: nginx:1.16 security update
Details
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-all-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.5.0+35+6a1225c3.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.16.1-2.module_el8.4.0+2470+68135136.1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2021:2290",
"modified": "2021-06-08T09:47:28Z",
"published": "2021-06-08T09:47:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-2290.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-23017"
}
],
"related": [
"CVE-2021-23017"
],
"summary": "Important: nginx:1.16 security update"
}
cve-2021-23017
Vulnerability from osv_almalinux
Published
2022-01-31 09:52
Modified
2022-01-31 21:06
Summary
Important: nginx:1.20 security update
Details
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
The following packages have been upgraded to a later upstream version: nginx (1.20.1). (BZ#2031030)
Security Fix(es):
- nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-all-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-all-modules"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-filesystem"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-image-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-perl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-http-xslt-filter"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-mail"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.6.0+2782+a022aca3.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "nginx-mod-stream"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:1.20.1-1.module_el8.5.0+2611+ab304644.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. \n\nThe following packages have been upgraded to a later upstream version: nginx (1.20.1). (BZ#2031030)\n\nSecurity Fix(es):\n\n* nginx: Off-by-one in ngx_resolver_copy() when labels are followed by a pointer to a root domain name (CVE-2021-23017)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0323",
"modified": "2022-01-31T21:06:57Z",
"published": "2022-01-31T09:52:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2022-0323.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2021-23017"
}
],
"related": [
"CVE-2021-23017"
],
"summary": "Important: nginx:1.20 security update"
}
GHSA-83P9-MCPM-374V
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI?
Details
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Severity ?
9.4 (Critical)
{
"affected": [],
"aliases": [
"CVE-2021-23017"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-01T13:15:00Z",
"severity": "CRITICAL"
},
"details": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"id": "GHSA-83p9-mcpm-374v",
"modified": "2022-05-24T19:03:49Z",
"published": "2022-05-24T19:03:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K12331123,"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
]
}
GSD-2021-23017
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-23017",
"description": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"id": "GSD-2021-23017",
"references": [
"https://www.suse.com/security/cve/CVE-2021-23017.html",
"https://www.debian.org/security/2021/dsa-4921",
"https://access.redhat.com/errata/RHSA-2022:0323",
"https://access.redhat.com/errata/RHSA-2021:4618",
"https://access.redhat.com/errata/RHSA-2021:3925",
"https://access.redhat.com/errata/RHSA-2021:3873",
"https://access.redhat.com/errata/RHSA-2021:3653",
"https://access.redhat.com/errata/RHBA-2021:3472",
"https://access.redhat.com/errata/RHBA-2021:2955",
"https://access.redhat.com/errata/RHSA-2021:2290",
"https://access.redhat.com/errata/RHSA-2021:2278",
"https://access.redhat.com/errata/RHSA-2021:2259",
"https://access.redhat.com/errata/RHSA-2021:2258",
"https://ubuntu.com/security/CVE-2021-23017",
"https://advisories.mageia.org/CVE-2021-23017.html",
"https://security.archlinux.org/CVE-2021-23017",
"https://alas.aws.amazon.com/cve/html/CVE-2021-23017.html",
"https://linux.oracle.com/cve/CVE-2021-23017.html",
"https://access.redhat.com/errata/RHSA-2021:3851",
"https://packetstormsecurity.com/files/cve/CVE-2021-23017"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-23017"
],
"details": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.",
"id": "GSD-2021-23017",
"modified": "2023-12-13T01:23:30.097442Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2021-23017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nginx Web Server, Nginx Plus",
"version": {
"version_data": [
{
"version_value": "Nginx Web Server versions 0.6.18 thru 1.20.0 before 1.20.1, Nginx plus versions R13 thru R23 before R23 P1. Nginx plus version R24 before R24 P1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K12331123,",
"refsource": "MISC",
"url": "https://support.f5.com/csp/article/K12331123,"
},
{
"name": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
"refsource": "MISC",
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "FEDORA-2021-b37cffac0d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"name": "FEDORA-2021-393d698493",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210708-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.20.1",
"versionStartIncluding": "0.6.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.19.3.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:enterprise_telephony_fraud_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_fraud_monitor:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.4",
"versionStartIncluding": "3.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_control_plane_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.4.0.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.1.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2021-23017"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html",
"refsource": "MISC",
"tags": [
"Mailing List",
"Patch",
"Vendor Advisory"
],
"url": "http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"
},
{
"name": "https://support.f5.com/csp/article/K12331123,",
"refsource": "MISC",
"tags": [
"Broken Link"
],
"url": "https://support.f5.com/csp/article/K12331123,"
},
{
"name": "[apisix-notifications] 20210607 [GitHub] [apisix-website] Serendipity96 opened a new pull request #362: feat: add new blog",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r6fc5c57b38e93e36213e9a18c8a4e5dbd5ced1c7e57f08a1735975ba@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] netlify[bot] edited a comment on pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf318aeeb4d7a3a312734780b47de83cefb7e6995da0b2cae5c28675c@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran commented on a change in pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r37e6b2165f7c910d8e15fd54f4697857619ad2625f56583802004009@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [apisix-website] branch master updated: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\" (#362)",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/rf232eecd47fdc44520192810560303073cefd684b321f85e311bad31@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "[apisix-notifications] 20210608 [GitHub] [apisix-website] liuxiran merged pull request #362: docs: added \"Apache APISIX not affected by NGINX CVE-2021-23017\"",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/r4d4966221ca399ce948ef34884652265729d7d9ef8179c78d7f17e7f@%3Cnotifications.apisix.apache.org%3E"
},
{
"name": "FEDORA-2021-393d698493",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SFVYHC7OXTEO4SMBWXDVK6E5IMEYMEE/"
},
{
"name": "FEDORA-2021-b37cffac0d",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNKOP2JR5L7KCIZTJRZDCUPJTUONMC5I/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210708-0006/",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210708-0006/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/167720/Nginx-1.20.0-Denial-Of-Service.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.5
}
},
"lastModifiedDate": "2022-09-14T15:49Z",
"publishedDate": "2021-06-01T13:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…